Data Privacy Associate at Roche

The Position

• Roche Diabetes Care in Midrand is seeking a Data Privacy Associate on a 18 month fixed term contract, to be responsible for advising on the legal responsibilities regarding compliance with national and international privacy laws and data security.

Accountabilities

Accountability: Strategic direction & governance

• Provide Assistance in setting the data privacy strategy, as well as the privacy risk and control threshold for the organization.
• Assist in driving compliance to all data privacy laws and regulations and address these requirements early on in new technologies.
• Develop and oversee the application of data privacy policies and standards and maintain these annually.
• Enable compliance with data privacy regulations and foster a data protection culture within the organization.
• Pro-actively conduct data protection impact assessments for the Group’s products, projects and processes.
• Provide guidance on data privacy risk management with key stakeholders and suppliers.
• Partner with organization and Technology to ensure data privacy issues are considered at the outset of new projects, products and initiatives.
• Monitor the evolving data privacy regulatory landscape to keep visibility on trends, and best practices to adequately address current policies or standards.
• Inform and Monitor the organizations Data Privacy risk appetite and changes to it.
• Assist in the develop and maintaining an appropriate operating model to ensure that the data privacy policy requirements are implemented with adequate oversight from the Global Privacy Office.
• Assess the risk on all requests for dispensations, waivers and breaches, and escalate to the Global Privacy Office for consideration.
• Participate in investigations, reviews, approvals, incidents and exceptions to address matters impacting the risk

Accountability: Oversight & reporting

• Monitor compliance with data protection regulations and organization policies
• Continuous engagement with the various regulators and keeping up to date with data privacy regulations.
• Support the data incident response and data breach notification procedures
• Timeously validate and respond to data subject requests received at local level and from Global Privacy Office
• Provide assistance in overseeing data privacy incident and breach procedures and response, including investigation, documentation, reporting, maintenance of records and the implementation of corrective action.
• Oversee the development and/or implementation of training on the policies and standards to deliver compliance and to foster a data privacy culture.
• Assists in the management of and reporting on the status of data privacy risk to internal and, where relevant, external stakeholders, including regulatory bodies.

Accountability: Stakeholder management

• Act as an ambassador with colleagues, regulators and other stakeholders with a view to establishing a leading function within the organization.
• Be registered with relevant regulatory or professional bodies
• Advise stakeholders on the management of relevant data risks, by participating in product/project/change approval and review processes.
• Ensure that proactive and risk-based advice is delivered through effective partnership with others at all levels – the front-office and other infrastructure functions.

Education And Experience Required

• Degree in Legal or NQF Level 6 Equivalent (3 - 5) years’ experience in Compliance, Data Risk Management

Knowledge & Skills:

• Knowledge of Data Privacy Risk Management, Control and Assurance
• Knowledge of relevant local and international regulatory environment including data privacy
• Knowledge of data governance and risk governance frameworks
• Knowledge of Compliance best practice
• Strong leadership Skills
• Intellectual and analytical Skills
• Good verbal and written communication Skills
• Conflict Management skills
• Change Management Skills
• Sound judgment and strategic abilities