What will you do - Responsibilities:
Compliance to Information/data regulations
Work with regional and country-specific subject matter experts as well as our Corporate Data Protection Officer to identify developments in information security/protection laws and regulations that may impact company information security policies and practices. Define policy and procedure to drive regulatory IT compliance.
Proactive Governance
Work with our IT teams to identify the impact of regulatory non-compliance for new and existing data processing. Liaise with all our IT colleagues including our own security team to ensure we are efficient enablers of change whilst driving privacy by design principles. Ensure that efficient IT regulatory governance processes are defined and implemented globally and that IT personnel is fully educated and trained on responsibilities to meet regulatory compliance.
Risk & Controls Management
Conduct IT risk assessments based on our legal teams interpretation of regulations to ensure we have adequate controls in place to efficiently demonstrate compliance globally.
Technology Solutions
Work with our TSC to research technology solutions from existing and new providers to minimize the risk of personal data loss or non-compliance to regulations aiming to automate decision making wherever possible. Manage the implementation through collaboration with necessary IT teams.
IT Data Breach Register and IT Personal Data Inventory
Manage the IT data breach register to ensure that incidents are tracked to support data breach reporting and to be in compliance with the company data privacy policy. Manage the IT Personal Data Inventory to ensure that IT can demonstrate clearly which technology is used to process personal data for which data subjects across JTI, and to further ensure that the appropriate Technical and Operational Measures are in place to protect that data processing.
Personal Data Breach reporting and Security Investigations
The employee will be responsible to design and implementation a sustainable data incident response process to support comply with regulations. To manage data incident response activities where required for local or cross entity incidents and to ensure continuity of service by training IT colleagues on data incident response responsibilities. In the event of a data breach to inform Information Security management of the extent of the breach in as short a time frame as possible. In the event of a data breach incident the incumbent will be required to conduct an investigation to determine the remediation and control activities required to prevent reoccurrence.
Controls Verification
Provide support to the Compliance Manager by periodically conducting data privacy audits to verify the effectiveness of the IT controls. Providing feedback and working in collaboration on improvements to the controls framework and to ensure timely risk mitigation.
Digital Investigations
Provide a highly confidential service to Legal, Compliance and P&C by performing E Discovery and document investigations to provide detailed reports to strict standards which are admissible in a court of law.
