Under the supervision of the Assistant Director, UDPO, the Compliance Officer for Privacy II is responsible for compliance management, incident management, complaints resolution in support of the operations of the Office. The position also performs research and capacity building, and office management support.

Main Duties and Responsibilities:

I. Compliance Management

• Registers the University’s data processing systems with the National Privacy Commission (NPC), and notifies the agency of any automated decision-making system of the University
• Monitors the data protection concerns of other offices in the University, as assigned by the Assistant Director
• Coordinates with various stakeholders (e.g. NPC, other data protection authorities, regulators, etc.) during compliance checks, data protection-related cases, investigations, and other similar activities
• Coordinates with both internal and external stakeholders when carrying out data protection-related work
• Assists in organizing and preparing preparatory and consultative meetings with stakeholders
• Prepares materials, reserves venues, and orders food for meetings headed/organized by the Office
• Coordinates arrangements for guests of the Office (e.g. parking slots, entry, egress, etc.)

II. Incident Management and Complaints Resolution

• Prepares Security Incident Response Team Assessment Reports and submits to the Assistant Director for review and approval
• Coordinates with University offices/units when addressing security incidents or data protection-related complaints
• Gathers information and materials on data privacy, data protection, and other related topics when resolving issues/concerns encountered by the University that involve data privacy
• Drafts responses for the resolution of common data protection-related issues and inquiries
• Reviews and drafts data sharing agreements, subcontracting or outsourcing agreements, and other similar contracts relating to data protection
• Monitors the data protection concerns of other offices/units of the University and provides advice as needed

III. Research and Capacity Building

• Coordinates with various stakeholders in the resolution of policy questions and other legal issues relative to data protection
• Analyzes news and reports on issues and provides advice on their anticipated impact/s on the data protection framework of the University
• Serves as a resource speaker on topics involving data protection in trainings, workshops, and similar activities
• Prepares information, education, and communication materials on data protection
• Monitors the news for key data protection issues that may affect or impact the University
• Collects, analyzes, drafts, and reviews internal and external policies relating to data privacy and submits to the Assistant Director for review

IV. Office Management Support

• Attends meetings, conferences, hearings, consultations, and other similar work-related events on behalf of the Office
• Prepares minutes of the meeting, progress reports, post-activity reports, and other documentation materials for events or activities involving the Office
• Takes photos and audio recordings of events or activities where the Office is involved
• Prepares office-related materials such as memoranda, templates, activity designs, concept notes, studies, and slide presentations and submits to the Assistant Director for review

V. Performs other work-related tasks as may be required by the Immediate

Supervisor and authorized representative.

• Critical and Analytical Thinking: Ability to make sound judgment; Ability to connect patterns and see the implications of actions to other systems/processes, analyze situations and information, and come up with recommendations
• Communication Skills: Excellent verbal and written communication skills, including public speaking
• Organization and Prioritization of Work: Ability to effectively plan and coordinate the delivery of required outcomes, according to importance and urgency; keen to details
• Coordination Skills: Ability to proactively coordinate, mediate, and manage actions in relation to others
• Technical Acumen: Substantive knowledge of data protection laws and regulations, ability to conduct privacy impact assessments
• Integrity: High degree of integrity with ethics and values aligned with that of the University; Ability to stand firm on difficult issues if required
• Initiative: Strong initiative; Ability to work independently with minimal supervision
• Active Listening: Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate time

Education and Experience Requirements

• Bachelor’s Degree
• At least five (5) years of relevant work experience, at least two (2) years of work experience in data protection
• Holder of Certified Information Privacy Professional Certificate (CIPP), Certificate Information Privacy Technologist Certificate (CIPT), and other relevant certifications is preferred but not required