Provide leadership and direction across Bupa Global Latin America (BGLA) on managing data privacy and information governance issues consistent with Bupa’s Privacy Principles and Requirements (including regulatory compliance, risk management, record retention and management, and data quality) and, with support from attorney colleagues, advise BGLA management and staff on data privacy law, regulation and best practices relevant to BGLA business (including HIPAA, GDPR, and local equivalents).
To address Privacy risk in the business operations of BGLA, the jobholder will be required to look at information governance issues facing BGLA companies, and the impact of data handling on our partnerships around the world. This will include:
- Working with the businesses to appropriately address compliance with applicable laws, regulatory requirements, Bupa Privacy and Information Security policies and industry practice such as NYMITY, ISO 27001 and PCI-DSS.
- Responsibility for reporting and assurance to appropriate internal governance groups and meetings within BGLA and International Markets.
The jobholder will also have direct responsibility for carrying out all necessary compliance monitoring activity on BGLA’s Information Security framework and arrangements – this compliance monitoring activity shall be carried out in line with any applicable direction from Bupa Group, International Markets and the BGLA Risk and Compliance Director. To the extent that any such compliance monitoring activity involves the review of privacy controls established directly by the jobholder, the jobholder shall discuss with the BGLA Risk and Compliance Director the most appropriate way to ensure that any review/monitoring is carried out with the requisite degree of 2nd Line of Defence independence.
- Actively manage relationships with colleagues at all levels to understand BGLA’s compliance with relevant legal, regulatory and Group policies relating to information management, acting as BGLA’s subject matter expert with regard to any Privacy initiatives.
- Represent Bupa Global Latin America on any Corporate Centre, Market unit or cross business committees/forums relating to Privacy and Information Governance (as required).
- Be accountable for facilitating implementation and embedding of the required Privacy program policies and procedures for BGLA staff, third parties, temporary staff and.
Consultancy & Advice
- Provide guidance and subject matter expertise to ensure the potential impact of solutions in respect of the Privacy framework are understood at all levels across the business unit.
- On discovery of any actual or suspected breaches of legislation, regulatory requirements or Bupa policies relating to information risk:
  - To take leadership of the investigation and delegate investigative and remedial action where appropriate, keeping senior management informed; and
  - Ensure that recommendations are produced regarding follow-up actions to prevent any recurrence.
- Ensure the business takes ownership for and effectively delivers on relevant follow-up actions.
- To act as a subject matter expert and provide specialist advice to the Executive Team and Risk Management Committee, if required, particularly in relation to any breaches of Bupa’s Privacy practices.
- Play an active role in the communication, development and explanation of Privacy requirements to first-line management and staff.
- Drafting guidance material on information handling for use by managers and staff.
The Ideal Candidate
- Five (5) to seven (7) years of experience in Privacy, Information Governance or records management
- Bachelor’s degree required, Master’s or Juris Doctorate preferred
- CIPP, CIPM, and/or CIPT certification
- External accreditation/certification in Information Risk and/or Information Governance related initiatives
- Extensive and proven experience in development of policies and procedures within the financial services and/or healthcare sector
- Excellent oral and written communications
- Excellent organization, time management and initiative