Our vacancies

Search Jobs  

Privacy Officer

Please Note: The application deadline for this job has now passed.

Job Introduction

Provide leadership and direction across Bupa Global Latin America (BGLA) on managing data privacy and information governance issues consistent with Bupa’s Privacy Principles and Requirements (including regulatory compliance, risk management, record retention and management and data quality) with support from attorney colleagues, to advise BGLA management and staff on data privacy law, regulation and best practices relevant to BGLA business (including HIPAA, GDPR, and local equivalents).

He/she works with Regional staff to coordinate a consistent framework and approach to data privacy and information risk and governance to ensure that plans are consistent and co-ordinated across BGLA and with International Markets, including oversight and delivery of self-assessments and/or reporting requirements to ensure that information handling policies, procedures, processes, training etc. used across BGLA are appropriate for the business and consistent with Bupa’s Privacy Policy to keep senior management at BGLA appraised of material weaknesses in or failings of internal controls or non-compliance with Regulatory requirements and BUPA Group policies in relation to information management. He/she will deliver, in conjunction with the Risk function, effective, relevant and timely reports on findings from any information handling incidents.


Role Responsibility

Addressing Privacy risk in the business operations of BGLA, The jobholder will be required to look at information governance issues facing BGLA companies, and the impact of data handling on our partnerships around the world. This will include:

  • Working with the businesses to appropriately address compliance with applicable laws, regulatory requirements, Bupa Privacy and Information Security policies and industry practice such as NYMITY, ISO 27001and PCI-DSS.
  • Setting direction on matters related to notice, data handling, data-sharing and cross-border data transmission, in line with the Bupa Privacy Policy and Strategy, as part of an effective first line of defence function within BGLA
  • Responsibility for reporting and assurance to appropriate internal governance groups and meetings within BGLA and International Markets.

The jobholder will also have direct responsibility for carrying out all necessary compliance monitoring activity on BGLA’s Information Security framework and arrangements – this compliance monitoring activity shall be carried out in line with any applicable direction from Bupa Group, International Markets and the BGLA Risk and Compliance Director.  To the extent that any such compliance monitoring activity involves the review of privacy controls established directly by the jobholder, the jobholder shall discuss with the BGLA Risk and Compliance Director the most appropriate way to ensure that any review/monitoring is carried out with the requisite degree of 2nd Line of Defence independence.


  • Actively manage relationships with colleagues at all levels to understand BGLA’s compliance with relevant legal, regulatory and Group policies relating to information management.  Acting as BGLA’s subject matter expert with regard to any Privacy initiatives.
  • Represent Bupa Global Latin America on any Corporate Centre, Market unit or cross business committees/forums relating to Privacy and Information Governance (as required).
  • Be accountable for facilitating implementation and embedding of the required Privacy program  policies and procedures for BGLA staff, third parties, temporary staff and.

Consultancy & Advice

  • Provide guidance and subject matter expertise to ensure the potential impact of solutions in respect of the Privacy framework are understood at all levels across the business unit.
  • On discovery of any actual or suspected breaches of legislation, regulatory requirements or Bupa policies relating to information risk:
    • To take leadership of the investigation and delegate investigative and remedial action where appropriate, keeping senior management informed; and
    • Ensure that recommendations are produced regarding follow-up actions to prevent any recurrence.
    • Ensure the business takes ownership for and effectively delivers on relevant follow up actions.
  • To act as a subject matter expert and provide specialist advice to the Executive Team and Risk Management Committee, if required, particularly in relation to any breaches of Bupa’s Privacy practices.
  • Play an active role in the communication, development and explanation of Privacy requirements to first-line management and staff.
  • Drafting guidance material on information handling for use by managers and staff.

The Ideal Candidate

  • Five (5) to Seven (7) years of experience in Privacy, Information Governance or records management
  • Bachelor’s degree required, Master’s or Juris Doctorate preferred
  • CIPP, CIPM, and/or CIPT certification
  • External accreditation/ certification in Information Risk and/or Information Governance  related initiatives
  • Extensive and proven experience in development of policies and procedures within the financial services and or healthcare sector
  • Excellent oral and written communications
  • Excellent organization, time management and initiative


This website is using cookies to improve your browsing experience. If you navigate to another page without changing the settings below you consent to this. Read more about cookies.