Data Protection Officer/Compliance Officer, Cyprus - Limassol

Finance / FinTech
Ref: 348 Date Posted: Monday 01 Aug 2022
LinkedIn ShareShare

Our client in the innovative tech sector is looking to recruit an experienced Data Protection Officer (DPO) and Compliance Officer (CO) to meet its obligations under the European Union (EU) General Data Protection Regulation (GDPR), other local data protection laws worldwide (Privacy Laws) and for ensuring general compliance with agreements with app stores, laws and regulations. Reporting to the Chief Operating Officer and General Counsel, the DPO/CO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements. The DPO/CO will be responsible for drafting and reviewing policies, staff training, data protection impact assessments, and internal audits. The DPO/CO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organisation.

Essential Duties and Responsibilities: In this role, you will work closely with the Legal and Information Security functions to develop, implement and monitor policies and standards applicable to the business and in compliance with App stores, Group Policies, GDPR and Privacy Laws in general.

Duties will include:

  • Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
  • Working with key internal stakeholders in the review of projects and related data to ensure compliance with laws, regulations, guidelines, local data privacy laws, and where necessary, complete and advise on data privacy impact assessments.
  • Serving as the primary point of contact and liaison for the Cyprus Data Commissioner and other EEA Data Protection Authorities on all data protection related matters under the GDPR.
  • Reviewing vendor contracts (including Model Clauses) and consents needed to implement projects in partnership with the firm’s Information Security functions, and ensuring filing requirements with local regulators are achieved.
  • Participating in the Data Privacy / Information Governance Committee.
  • Managing and conducting ongoing reviews of the companies internal policies and privacy governance framework.
  • Monitoring changes to applicable laws, regulations, privacy laws and making recommendations to the Data Privacy / Information Governance Committee when appropriate.
  • Setting standards and reviewing policies and procedures globally that meet the requirements under the GDPR and any localization requirements in countries of operation.
  • Developing and delivering privacy training to various business functions.
  • Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
  • Coordinating and conducting data privacy audits.
  • Collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues, and providing training on the subject matter.
  • Collaborating with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).
  • Ensuring that the companies IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).

Position Specifications Education:

  • Law degree from an accredited law school required.
  • Hold at least one Data Protection and/or Privacy certification is preferred.

Work Experience:

  • 3-5 years PQE experience required.
  • Experience in EU data privacy laws.
  • Minimum 2 years’ experience within a compliance department, with recent experience in privacy compliance.
  • Experience in drafting and implementing internal policies and compliance training.

Knowledge, Skills, and Abilities:

  • Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
  • Sufficient knowledge of information technology and data management systems required.
  • Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
  • Ability to work unsupervised, exercise leadership, and influence change.
  • Excellent writing and presentation skills.
  • Strong change and project management skills, including the ability to manage time well, prioritise effectively, and handle multiple deadlines.
  • Ability to undertake large, long-term projects, develop alternative methods to complete them, and implement solutions.
  • Ability to use independent judgment and discretion when making majority of decisions.
  • Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
  • Ability to handle confidential and sensitive information with the appropriate discretion.
  • The statements contained in this position description are not necessarily all-inclusive; additional duties may be assigned and requirements may vary from time to time.

Benefits:

  • Besides the engaging tasks, support from experienced colleagues, and the opportunity to realize your own ideas, challenge, and drive, we offer:
  • High salary with performance bonuses;
  • Modern office and equipment;
  • Snacks and drinks;
  • Attendance of key industry events;
  • Medical insurance;
  • Sports reimbursement;
  • English lessons;
  • Fast-paced and easy-going environment.

If you are interested in the above position, please press Apply below or email your CV to terri.neofitou@emeraldzebra.cy