Assistant Vice President

KEY RESPONSIBILITIES

Responsibility

Core activities

Framework

Privacy Assessments

• Conduct and maintain privacy processes including data protection impact assessments (DPIA) and Data Processing Assessments (DPA).
• Support the ongoing effort to update record of processing assessments (ROPA) for IT applications.
• Maintain records of processing activities (ROPA) and safeguards such as privacy by design, to ensure compliance to regulatory requirements.
• NO

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

Privacy Policies and Procedures

• Help mature policies, processes, and procedures to manage data processing (e.g., purpose, scope, roles, and responsibilities) consistent with risk strategy, to protect personal and sensitive data-
• Understand the current state of privacy maturity within and maintain measurement of the impact of the Privacy Program on maturity-

NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII

Personal Data Governance

• Implement and integrate data privacy and governance practices across to address regulatory compliance and protect sensitive information.
• Facilitate the management and governance of personal data to protect individuals privacy, increase manageability and enable the implementation of privacy principles (for example data quality, data minimisation, data retention)

Varonis Implementation however towards data classification and labelling

NIST, ISO

Remark:

Third Party Privacy Assessment

• Assess privacy posture of new vendors and detail associated privacy risks.
• Support business on details Data Processing Agreements.
• GAP analysis of technical and organizational measures (TOMS).
• Audit clause reviews.
• Sub processor risk analysis.

SOCI, SOCII, Sox

No experience of conducting the assessment.

Have been part of reviewing DPA.

.

Policy & Procedure Management

• Assist in the review and maintenance of the repository of IT policies and procedures. Ensure IT policies and procedures are updated as and when required, while ensuring privacy impacts are considered.

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

Data protection policy, privacy notice.

To conduct and facilitate reviews of IT privacy controls based on standard methodologies and an understanding of technical infrastructure, IT & privacy risk and cyber security

• Facilitate reviews of IT risk compliance work programs with technical teams
• Carry out reviews to a professional standard
• Issue agreed review finding reports
• Facilitate the remediation process for gaps / weaknesses identified
• Identify areas of improvement
• Evaluate the design and the effectiveness of current security controls from an IT Risk & Compliance perspective

NIST, ISO/IEC 29100:201 ISO27001, ISO27017, SOCI, SOCII, SOCII

Cross competency collaboration

Work with Legal Compliance on privacy matters relating to personal data processing.

• Collaborate with key business functions on IT privacy matters (Security, Legal, Procurement, HR, IT)- No

Assist with evidence provision and query response turnaround -No

POPIA, GDPR, CCPA, LGPD Brazil, EU SCCs

Assist with the ongoing monitoring of the IT Compliance Programs

• Ongoing Monitoring of compliance to IT control & security requirements for designated systems- No

Assist with the remediation process for gaps / weaknesses identifiedNo

CobIT, SOx 404, ISO27001, ISO27018, ISO27017, ISO27005, ISO31000, NIST

Assist with the review and monitoring of the IT privacy risk assessments & reviews

Assist with IT privacy risk assessments and reviews people systems-

IAPP, ISO27001, ISO27017, ISO27701, Region Specific Regulatory Requirements, GDPR, CCPA, POPIA, LGPD Brazil, SCCs