Global Privacy Manager at Discovery Limited

About VitalityGroup
Vitality Group, a subsidiary of Discovery Limited offers a wellness platform program to global insurance companies that provides innovative health to foster healthier and happier lives. Vitality Group is responsible for the expansion of the Vitality Shared-Value Insurance business model beyond South Africa and the UK, serving to fully leverage the assets and intellectual property of Discovery beyond its primary markets.

Vitality Group operates a business providing wellness solutions to employer groups in the United States and partners with leading Insurers across the world to launch and grow Vitality Shared-Value Insurance in their markets. Vitality Group is also responsible for Discovery’s 25 percent equity investment in Ping An Health, the largest comprehensive medical insurer in China. Vitality Group’s businesses jointly reach more than 10 million members across 24 countries (Austria, Australia, Canada, China, France, Germany, Hong Kong, Japan, Malaysia, Pakistan, Philippines, Singapore, South Africa, South Korea, Sri Lanka, Thailand, the United Kingdom, the United States, New Zealand, Ecuador and Vietnam).

Key Purpose

To support our legal, compliance and security teams. The position requires strong leadership and organizational skills, clear communication, problem solving skills, flexibility, excellent interpersonal skills, and the ability to work well with all levels of the organization, including team members in various offices around the world.

Areas of responsibility may include but not limited to

• Responsible for implementing a streamlined Privacy by Design program across Vitality’s global offices and offerings
• Responsible for creating and implementing a privacy governance framework to manage data use in compliance with relevant national legislation , certifications and industry standards whether in the US, South Africa, EU or other jurisdictions, including developing templates for data collection, assisting with data mapping, and vendor management reviews
• Works with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments
• Serves as the primary point of contact for data privacy queries in the business
• Responsible for supporting Vendor Management and Legal’s review of contracts (including Model Clauses) and consents needed to implement projects in partnership with Information Security functions and ensuring filing requirements with local regulators are achieved
• Responsible for liasing and streamlining the privacy and security efforts across Vitality’s global offices and offerings
• Responsible for conducting and managing the global Data Protection and Information Security Steering Committee
• Responsible for managing and conducting ongoing reviews of Vitality’s data privacy governance framework in conjunction with security efforts
• Responsible for setting standards and reviewing policies and procedures globally that meet the requirements local data protection laws and any localization requirements in countries of operation
• Responsible for supporting and guiding the development and delivery of privacy & security training to various business functions
• Responsible for developing strategies and initiatives to ensure engagement with key internal and external stakeholders
• Responsible for coordinating and conducting data privacy audits
• Collaborates with the Information Security function(s) to raise employee awareness of data privacy and security issues and providing training on the subject matter
• Collaborates with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs)
• Ensures that Vitality’s systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data)
• Works with designated internal legal counsel and, where necessary, outside counsel to help advise on local data privacy law issues
• Other duties as assigned

 

Personal Attributes And Skills

• Drives Results
• Values Driven
• Optimistic
• Learns on the Fly
• Resilient
• Instils Trust
• People Savvy
• Problem Solver
• Manages complexity
• Balances Stakeholders
• Transparency
• Multitasking
• Organizational skills
• Analytics


 

Education
Education and Experience

• Bachelors Degree

 

Experience

• 5 years' experience within a compliance, legal, audit and/or risk function, with recent experience in data privacy and security compliance
• Hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred)
• Experience implementing a Privacy Framework
• Extensive experience in regional data privacy laws, including GDPR, HIPAA, POPI and CCPA
• Experience in developing and operationalizing policy
• Working knowledge of information technology and data management systems required
• Experience of working in a large, global organization
• Experience working in a regulated industry (preferred)
• Knowledge of PC applications, including MS Office
• Excellent writing and presentation skills
• Strong knowledge of data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide