The Privacy Officer is responsible for driving the Company’s Privacy and Information Governance Program throughout the organization. Generally, the role is to provide timely, efficient, results-oriented decision-making and provide professional advice on Privacy and Information Governance issues relating to a broad range of corporate, insurance and commercial matters with international dimensions to ensure that the legal, regulatory and contractual requirements for the organisation are met.
The Privacy Officer must be forward looking with a strategic and analytical approach to their work. The role holder should be able to consistently demonstrate creative, objective and lateral thinking when working under pressure.
The role requires subject matter expertise in assuring that BGLA creates and maintains an appropriate and effective framework in place in respect of data privacy and information risk- management and governance.
He/she must be fully committed to meeting the objectives of their own role and for ensuring that these align with Bupa’s overall business ethos, strategy and ambitions.
Addressing Privacy risk in the business operations of BGLA, The jobholder will be required to look at information governance issues facing BGLA companies, and the impact of data handling on our partnerships around the world. This will include:
- Working with the businesses to appropriately address compliance with applicable laws, regulatory requirements, Bupa Privacy and Information Security policies and industry practice such as NYMITY, ISO 27001and PCI-DSS.
- Responsibility for reporting and assurance to appropriate internal governance groups and meetings within BGLA and International Markets
The jobholder will also have direct responsibility for carrying out all necessary compliance monitoring activity on BGLA’s Information Security framework and arrangements – this compliance monitoring activity shall be carried out in line with any applicable direction from Bupa Group, International Markets and the BGLA Risk and Compliance Director. To the extent that any such compliance monitoring activity involves the review of privacy controls established directly by the jobholder, the jobholder shall discuss with the BGLA Risk and Compliance Director the most appropriate way to ensure that any review/monitoring is carried out with the requisite degree of 2nd Line of Defence independence.
- Actively manage relationships with colleagues at all levels to understand BGLA’s compliance with relevant legal, regulatory and Group policies relating to information management. Acting as BGLA’s subject matter expert with regard to any Privacy initiatives.
- Represent Bupa Global Latin America on any Corporate Centre, Market unit or cross business committees/forums relating to Privacy and Information Governance (as required).
- Be accountable for facilitating implementation and embedding of the required Privacy program policies and procedures for BGLA staff, third parties, temporary staff and Consultancy & Advice.
- Provide guidance and subject matter expertise to ensure the potential impact of solutions in respect of the Privacy framework are understood at all levels across the business unit.
- On discovery of any actual or suspected breaches of legislation, regulatory requirements or Bupa policies relating to information risk:
- To take leadership of the investigation and delegate investigative and remedial action where appropriate, keeping senior management informed; and
- Ensure that recommendations are produced regarding follow-up actions to prevent any recurrence.
- Ensure the business takes ownership for and effectively delivers on relevant follow up actions.
- To act as a subject matter expert and provide specialist advice to the Executive Team and Risk Management Committee, if required, particularly in relation to any breaches of Bupa’s Privacy practices.
- Play an active role in the communication, development and explanation of Privacy requirements to first-line management and staff.
- Drafting guidance material on information handling for use by managers and staff.
- Where necessary deliver training.
The Ideal Candidate
- Five (5) to Seven (7) years of experience in Privacy, Information Governance or records management.
- Bachelor’s degree required, Master’s or Juris Doctorate preferred.
- CIPP, CIPM, and/or CIPT certification.
- External accreditation/ certification in Information Risk and/or Information Governance related initiatives.
- Extensive and proven experience in development of policies and procedures within the financial services and or healthcare sector.
- Excellent oral and written communications.
- Excellent organization, time management and initiative
About the Company
Bupa Global is an Equal Opportunity Employer
Bupa is an equal opportunity employer and in compliance with the law prohibits discrimination against applicants and employees based on the following characteristics: veteran status, uniformed service member status, sex, race, color, ancestry, national origin, religion, age, marital status, sexual orientation, pregnancy, childbirth and related conditions, familial status, citizenship, sickle cell trait, AIDS/HIV status (actual or perceived), genetic information, testing or characteristics or any other legally recognized status entitled to protection under federal, state, and local anti-discrimination laws. Bupa’s Equal Employment Opportunity Policy applies to all applicants and employees with respect to all terms and conditions of employment, including recruitment, hiring, training, compensation, transfer, layoff recall, benefits, promotion and separation.