Data Protection Officer (GMG/SEG 2)

Summary

Under the general direction of the Executive Director, the Data Protection Officer is responsible for ensuring the Ministry operates in accordance with the Data Protection Act 2020. The incumbent is also responsible for providing technical advice and for coordinating all aspects relating to data privacy. S/he will play a critical role in safeguarding the privacy rights of individuals for whom data are held or processed by the NCE and will ensure that sensitive data are protected in accordance with the law. 💰 salary range $4,266,270 - $5,737,658 JMD per annum

Responsibilities

• Key Outputs:

  • • Adherence to External Regulations (Data Protection Act) and internal controls.
  • • Development and implementation of a Data Protection framework and strategy.
  • • Conducting Data Protection impact assessments.
  • • Identification of breaches and preparation of notifications.
  • • Preparation and submission of reports.
  • • Continuous monitoring of compliance.
  • • Monitoring adherence/compliance with standards.
  • • Evaluation of governance and accountability mechanisms and formulation of recommendations.
  • • Conducting research and analysis and documenting findings.
  • • Development and implementation of continuous improvement strategies.
  • • Provision of advice and recommendations.
  • • Conducting/facilitating sensitization sessions.
  • • Development of strategic and annual operational plans.
  • • Individual work plan, mid-year review, and annual performance appraisal report.

• Technical/Professional:

  • • Implements measures and a privacy governance framework to manage data use in compliance with the Data Protection Act, 2020, including developing templates for data collection and assisting with data mapping.
  • • Ensures that the National Council on Education (NCE) processes personal data in compliance with data protection standards, the Data Protection Act, and acceptable practices.
  • • Liaises with the Office of the Information Commissioner (OIC) to resolve any doubt about how the provisions of the Data Protection Act and any Regulations made thereunder are to be applied.
  • • Ensures that any contravention of the data protection standards or any provisions of the Data Protection Act by the NCE is dealt with in accordance with the provisions of the Data Protection Act.
  • • Keeps abreast of Jamaican data protection laws and regulations, industry best practices, and international data protection laws, including the European Union’s General Data Protection Regulation (GDPR), the Electronic Privacy Act, and other international data protection laws.
  • • Notifies, in writing, the Data Controller of any contravention of the data protection standards or any provisions of the Data Protection Act.
  • • Investigates and responds to data security breaches or security incidents promptly, ensuring appropriate notices are provided to the regulatory authorities, affected individuals, and other relevant parties as required by law.
  • • Reports any contravention by the NCE of the data protection standards or any provisions of the Data Protection Act to the OIC, if the contravention is not rectified within a reasonable time after the notification.
  • • Assists data subjects in the exercise of their rights under the Data Protection Act, in relation to the NCE.
  • • Develops internal policies and procedures related to the processing of personal data.
  • • Makes recommendations for the appropriate organizational and technical measures to ensure the security of personal data.
  • • Serves as the primary contact for the OIC on issues relating to the processing of data, and to consult, where appropriate, with regard to any other matter.
  • • Develops and implements standard operating procedures (SOPs) for addressing all complaints pertaining to the NCE’s privacy policies and procedures.
  • • Provides advice/information to the NCE and its employees on their obligations under the Data Protection Act and state data protection provisions.
  • • Manages and conducts ongoing reviews of the NCE’s Data Protection Framework.
  • • Disseminates current information on policies, procedures, and legislation for the NCE’s staff to be aware of and to promote the quality culture.
  • • Develops and implements approved certification mechanisms to exhibit compliance.
  • • Monitors and evaluates recommendations implemented for addressing weaknesses and deficiencies in relation to the processing of personal data.
  • • Prepares reports and presentations on analyses and findings.
  • • Conducts a data protection impact assessment in respect of all personal data in the custody or control of the NCE.
  • • Conducts periodic assessments to identify potential risks, gaps, or breaches in data protection and develops strategies to mitigate these risks.
  • • Conducts sensitization sessions for staff on the components of the Data Protection Act, Regulations, and policies.
  • • Collaborates with the Ministry’s ICT Division in the maintenance of a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims, or notifications and responds to subject access requests.
  • • Collaborates with the relevant officers from the Internal Audit Unit, Legal Services Unit, and other key stakeholders to monitor, implement, and analyze compliance programs.
  • • Monitors to ensure that the NCE’s ICT systems and procedures conform with the relevant data privacy and protection laws, regulations, and policy.
  • • Participates in the collection of data, analyzes, and reports on key performance measures.
  • • Provides responses to comments and queries from data subjects in relation to the processing of personal data.
  • • Provides regular reporting to the Executive Director and the Executive Team of the NCE on data protection activities, compliance status, and emerging privacy risks.
  • • Monitors changes to local privacy laws and makes recommendations where necessary.

• Strategic Planning:

  • • Prepares annual strategic and operational plans for the data protection portfolio.
  • • Prepares monthly, quarterly, and annual management reports in keeping with the Public Bodies Management and Accountability Act (amended 2011).
  • • Ensures that key performance targets are met in keeping with the Councils’ business plan.
  • • Represents the Council at conferences and stakeholder meetings where necessary.

• Other:

  • • Performs any other duty as assigned by the Executive Director.

• Performance Standards:

  • • External regulations (Data Protection Act) and internal controls adhered to in accordance with the legislative framework.
  • • Data protection framework and strategy developed and implemented in accordance with the legislative framework.
  • • Data Protection impact assessments conducted within agreed timeframes.
  • • Breaches identified and notifications prepared within agreed timeframes.
  • • Reports prepared and submitted within agreed timeframes.
  • • Continuous monitoring conducted in accordance with the legislative framework.
  • • Adherence/compliance with standards monitored in accordance with legislative frameworks.
  • • Governance and accountability mechanisms evaluated and recommendations made.
  • • Research and analysis conducted and findings documented in accordance with legislative frameworks.
  • • Continuous improvement strategies developed and implemented in accordance with the legislative framework.
  • • Technical advice and recommendations provided within agreed timeframes.
  • • Sensitization sessions conducted within agreed timeframes.

Required Skills

• Core:

  • • Excellent oral and written communication.
  • • Excellent presentation skills.
  • • Excellent analytical, critical thinking, decision-making, and problem-solving skills.
  • • Excellent planning and organizational skills.
  • • Excellent interpersonal skills that foster a harmonious working environment.
  • • Strong customer service skills with a focus on quality.
  • • High level of integrity and confidentiality.

• Technical:

  • • Sound knowledge of applicable laws, policies, regulations, and procedures.
  • • Good knowledge of auditing techniques and practices.
  • • Good knowledge of risk management techniques and strategies.
  • • Knowledge of the Corporate Governance Framework for Public Bodies in Jamaica.
  • • Sound knowledge and understanding of GOJ (Government of Jamaica) policies and programs and the machinery of government.
  • • Understanding of data management and information security principles, including encryption, access controls, and risk management.
  • • Strong quantitative and qualitative analytical skills.
  • • Knowledge of change management principles and practices.
  • • Strong environmental scanning, analytical, and interpretive skills.
  • • Strong negotiating and persuasive skills.
  • • Experience in conducting data protection impact assessments and developing privacy policies, procedures, and guidelines.
  • • Experience with handling data breaches, critical incidents, and the ability to effectively interact with the Office of the Information Commissioner.
  • • Proficiency in the use of relevant computer applications.

Qualifications

• • A Bachelor’s Degree in Computer Science, Audit, or an equivalent qualification from a recognized tertiary institution.
• • Certification in Information Security, Data Protection, and/or Privacy Certification such as CIPP, CIPT, ISEB (preferred).
• • Exposure to legal training would be an asset.
• • Sound knowledge of the Data Protection Act and other applicable data protection policies.
• • One (1) year of related work experience.

Additional Information and Instructions

• Authority To:

  • • Recommend security procedures and maintenance for Data Protection.
  • • Report breaches to the OIC (Office of the Information Commissioner).
  • • Develop and review data protection policies.
  • • Maintain a risk and breach register.
  • • Take remedial action for breaches.
  • • Conduct/facilitate training and sensitization sessions relating to data protection.
  • • Conduct Data Protection Security Audits.
  • • Recommend appropriate standards.
  • • Recommend improvements in the corporate governance framework.
  • • Recommend changes to the regulatory framework.
  • • Access highly personal, confidential, and sensitive data/information.

• Specific Conditions Associated with the Job:

  • • Normal office working environment.
  • • May be required to work beyond normal work hours in order to meet deadlines.
  • • May be required to work on public holidays/weekends.
  • • Possession of a valid driver’s license and a reliable motor vehicle.

Applications accompanied by Résumés should be submitted no later than Friday, 11th April, 2025 to: The Executive Director The National Council on Education 37 Arnold Road Kingston 5 Telephone: 922-1400-9, Extensions: 2031-2034 OR Email: nce.careers@nce.org.jm We thank all applicants for expressing an interest; however, only short-listed candidates will be contacted.

Share This Job