Senior Privacy Manager

About IDP

IDP is the global leader in international education services, delivering global success to students, test takers and our partners, through trusted human relationships, digital technology and customer research. An Australian-listed company, we operate in more than 60 countries around the world.

Our team is comprised of over 7,000 people of various nationalities, ages and cultural backgrounds. Our team is united by our purpose to transform lives through international education. 

Learn more at www.careers.idp.com

Role purpose

Privacy and Data Protection are a priority for IDP and integral to putting the customer at the heart of everything we do. Ensuring that we look after our customer and employee data responsibly across the business and treat customers fairly in our dealings with them are key to this.

We have on offer a role within the Privacy & Compliance Team which will be responsible for ensuring coordinated management of global compliance and privacy activities across IDP. The Privacy team works with stakeholders across the business to ensure all activity is connected to and aligned with IDP’s Privacy objectives. The primary purpose of this role is to assist in the operation, enhancement, and maintenance of the IDP Privacy Framework. However, as the privacy framework is part of the wider compliance framework, there is also opportunity to support wider compliance initiatives as required.

This is a permanent opportunity based out of our Pasig office at Philippines. 

Privacy framework

Privacy framework and assets

• Ensure all business processes and assets have been captured and are up to date in the Personal Data Inventory

• Identify, analyse, treat, and report on privacy compliance risks and breaches in the Privacy Register

• Draft/update frameworks, guidelines, policies, procedures, and other such documents as required based on the internal or external changes.

• Manage and maintain the Privacy Management Software – One Trust

Privacy advise and privacy by design

• Provide advice and input for new initiatives by recommending the appropriate application of Privacy by Design Principles

• Review Privacy Impact Assessments to identify risks and make recommendations

• Lead regulatory change implementation projects for new and changing laws

• Review and update privacy collection statements, notices, and consents

• Provide data lifecycle guidance regarding records and retention periods

• Support Data Subject Rights processes that privacy team perform

• Provide oversight and monitoring of Data Subject Rights Processes handled by the business

• Translate complex privacy legislation into clear and easy understand advice for the business.

• Support procurement teams in vendor assessments over any potential privacy risks

• Advise the business in managing privacy requests/queries and complaints

Risk and Controls

Risk & incident management

• Assist with identification and remediation of risks and incidents involving personal information
• Contribute to senior management reporting on the privacy program or privacy related incidents and\or risks

Control testing and assurance

• Perform control testing reviews and assurance activities
• Support business in implementing controls

Others

Training and awareness

• Support the development and maintenance of the privacy awareness and training program

• Monitor training completion and program effectiveness

Stakeholder engagement

• Work with local and regional Privacy representatives to manage privacy compliance requirements.

• Work with System or Business Owners to understand business objectives and identify and resolve any privacy related concerns or matters.

• Provide insight into privacy related matters to the wider IDP business

Wider compliance activities

• Support ad-hoc compliance projects/initiatives

• Support compliance team in training and awareness of compliance framework activities

About you

Required experience:
Someone with sound understanding of privacy law, privacy by design and privacy regulator guidance globally with a foundational knowledge of the European Union’s General Data Protection Regulation (GDPR) or any other highly complex privacy laws
Flexible to work with all global stakeholders and their different needs
Experience with implementing regulatory change projects
Experience with undertaking privacy impact assessments, developing proportionate remediation plans, and providing advice to the business about applying the principles of privacy by design.
Understanding of the information lifecycle, IT systems and data with regards to data fields/elements, data types and system integrations / migrations.
A positive attitude, well organised, hands on, practical and results focused team player who recognises and values the different perspectives and skills your colleagues bring
Proven ability to constructively challenge the status quo, look for better ways to do things and passionately advocate continuous improvement 
Demonstrated strong strategic thinking, with attention to detail capability
Motivated with the ability to adapt quickly and able to manage multiple activities in accordance with delivery requirements and timelines.
Proven ability to understand and provide incisive, reliable, pragmatic and commercially sound advice or solutions to complex business issues 
Strong written and verbal communication skills
Proven ability to build and maintain relationships with internal and external stakeholders and influence & negotiate change. 
Act with integrity and show care for customers and the people you work with.
Desirable requirements:
Experience working with a global workforce
Experience with OneTrust, Camms or other GRC software
Experience in centralised and decentralised office networks
Experience with Compliance Frameworks
Any relevant Privacy Professional certification