Position: Data Protection Officer
Last date to apply: 25th November, 2020
As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.
Our Team & You
As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 64 million customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.
What the first 30-60-90 days in the job will look like?
-Within 30 days you will:
· Attend and graduate from our company-wide on boarding process along with a detailed orientation program where you will learn about Jazz’s core values, business, and products.
· Develop understanding of your division, function, its structure, and your role within the team.
· Meet the relevant stakeholders concerning your team.
· Develop understanding of company policies and procedures relating to data privacy and due diligence etc. of the company and its subsidiaries.
· Get familiarized with various online tools and portals used by the Legal Affairs department.
· Get acquainted with external and internal stakeholders in order to provide assistance from a data privacy perspective.
-Within 60 days, you will:
· Through on-going work, experience and self-learning, acquire a good understanding of technology, digital products and services and developments in this space.
· Monitor and track all new local privacy rules, and analyze new local privacy rules to ascertain impact and changes on the business and other functions in the Opco.
· Be familiar and regularly review jointly with key stakeholders local data flows in respective local OpCos to ensure their compliance with local privacy rules.
· Demonstrate an understanding how data & privacy impact the objectives of the key stakeholders, and pro-actively engage to ensure data & privacy issues are taken into account in developing these objectives.
· Coordinate with relevant teams to ascertain all data security controls are in place to eliminate risks.
-Within 90 days to onwards you will:
· Manage and investigate customer privacy breach complaints. Guide relevant departments/teams and develop awareness on how to protect and handle customer information as per organizational policies and laws.
· Engage with local key stakeholders and business counterparts in order to ensure incorporation of the privacy by design in new products development.
· Conduct periodic audits of implemented data security controls and ensure implementation of necessary detective and preventive measures.
· Review organizational policies and procedures, identify gaps and recommend changes to processes accordingly keeping best practices in view.
· Collaborate with CRA to lobby along with industry and help Government to formulate regulations for cyber-crimes.
· Be able to apply both local privacy rules and international best practice to both Group strategic digital projects and Opco business initiatives, demonstrating an ability to structure own legal analysis and applying these to develop solutions through commercial and legal insights.
· Be able to take part in investigation process to solve problems for the organization/employee/customer.
· Be able to facilitate in formalization of team for any agreement, service launch or hiring of vendor/supplier in coordination with supply chain management team.
· Be able to coordinate with relevant teams to respond to data requests received from regulatory authorities on timely basis to avoid violation of court laws.
A Bit About You:
We are looking for someone who has delivered on challenging projects and has taken end to end responsibility from planning to roll out within corporate environment with a strong technical knowledge of technology platforms, inclusive of systems, network devices, and security solutions.
Be well versed with all current legislation, regulations and material developments relating to data protection and also other sectorial legislation (Telecoms, E-Communications, and Messengers etc.) as they relate to data and privacy (“Local Privacy Rules”).
A Bit About Us:
The team is part of the Data Privacy Department within the Legal Affairs Division which is one of the most innovative, exciting and competent department in the Market. The team is responsible for managing data protection portfolio at Jazz.
The structure of the team you will join is:
· A 02 member team (including the department head).
· You will be reporting to Chief Legal Officer.
The main priorities of the team as a whole are:
Manage risk identification, assess, mitigate and report to internal stakeholders.
Design, implement and govern data protection framework, including compliance activity on all aspects of data protection within Jazz.
Proactively identify and assess threats to IT systems and data warehouse and ensure reporting & evaluations of incidents.
Ensure confidential data is protected and violations of policy is recorded and investigated.
To collaborate and produce effective business results, the role requires
Interface with external partners, customers, and other 3rd parties for matters involving information security and information risk management.
The two (02) specific tasks that team was working on in the last 6 months with results.
Oversee the day to day administration and management of information security tools, both in-sourced and outsourced, as well as third-party/managed security service providers.
· Drive awareness sessions with regards to privacy compliance and data protection.
The must have past experiences the candidate should have.
Experience of handling and dealing with various internal/external stakeholders.
Minimum 5 to 6 years of experience in Telecom/IT industry.
The must have technologies the candidate should have.
Windows OS, Linux, Cisco iOS/NX-OS, relational databases, and other core enterprise technologies.
Essential skills must have:
· Comprehensive knowledge of Information Security and data privacy structure and SOPs.
· In-depth knowledge of Legal and Regulatory requirements.
· Practical knowledge of Project Management
· Detailed knowledge of IT audit processes and risk assessment processes.
Strong communication, interpersonal and negotiation skills.
· Bachelor's degree in Computer Science, Management or an IT-related discipline.
· CISA (Certified Information Systems Auditor).
· CISSP (Certified Information Systems Security Professional) or CPP (Certified Protection Professional).