Chief Data Protection Officer

Summary

Reporting to the Director General, the incumbent is responsible for overseeing the Jamaica Civil Aviation Authority’s (JCAA’s) compliance with the Data Protection Act and attendant regulations by ensuring efficient systems, controls and tools are in place to avert and or mitigate breaches and incidents and to safeguard the privacy of data subjects (including employees, regulatory clients and air navigation services customers). S/he is also expected to champion and work closely with stakeholders (including the Management, the Board of Directors, employees and other data subjects, and the Government of Jamaica Information Commissioner) to inculcate a strong data protection and privacy culture within the Authority. S/he is also responsible for data protection and privacy training, data protection impact assessments, and data protection compliance audits.

Responsibilities

• • Evaluate the existing Data Protection Framework within the Authority and design, develop and lead the implementation of data protection and privacy management measures that ensures the Authority’s compliance with applicable data protection legislation, regulations, and relevant standards
• • Develop and maintain relevant JCAA’s data protection policies, processes, and procedures/guidelines and privacy statements in consultation with key stakeholders in support of the achievement of organisational strategic objectives; maintaining an appropriate review cycle and effective communication across teams of process operators and enforcing time-bound remedial plans as necessary.
• • Monitor the aviation industry landscape to keep abreast of trends and best practices in data protection and privacy; aligning JCAA capabilities in data protection and risk mitigation measures, strategy, programme, policies and procedures proactively, and establishing the JCAA Data Protection Roadmap.
• • Lead in the assessment and adoption of measures to comply with legislative or regulatory changes; and as subject-matter-expert, recommending necessary adjustments to the JCAA’s internal framework to ensure risks are mitigated and organisational compliance is assured on an on-going basis.
• • Provide expert specialist advice, support and recommendations to decision-makers and employees on data protection matters to include individual rights requests, breach management, data sharing, handling and protection.
• • Work collaboratively with the Legal, Internal Audit, Research, Planning and Risk Assessment and Information Technology Departments to develop, analyse and deliver innovative approaches to strengthening enterprise resilience to breaches and incidents across the JCAA. This includes sharing resources, knowledge and expertise to promote regulatory compliance, risk management, strategic planning, business continuity and continuous improvement.
• • Serve as the primary point of contact and liaison for all data protection and privacy issues, complaints, queries and requests with the Government of Jamaica Information Commissioner and other data protection authorities; keeping accurate records.
• • Design, promulgate and manage the implementation of the JCAA’s data protection and data privacy strategy, as it relates to data protection and breach management (including incident detection, response, and recovery).
• • Design protocols and tools for data protection management, coordinating and conducting data privacy audits, compliance checks, incident reviews.
• • Partner with the Information Technology Department to maintain data and information security tools and technology. Manage systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of ‘personal data’.
• • Establish and maintain various data protection and privacy policy committees and technical working groups as needed that provide policy insight and make recommendations for the implementation of improved procedures and systems.
• • Design and deliver programme to raise employee awareness of data protection and privacy measures, to promote a culture of data protection compliance within the JCAA.
• • Provide leadership through the setting of objectives, the development of performance plans based on the delegation and communication and conduct interim and annual performance appraisals.
• • Keep staff abreast of adjustments and new developments in respect of policies, procedures, strategies, service standard requirements and other pertinent matters impacting their contribution towards the Authority’s goals, productivity, and personal/staff and customer satisfaction.

Required Skills

• Key Technical Competencies:

  • • In depth knowledge of information risk concepts/relating business needs to security controls
  • • Sound knowledge in data protection laws and practices
  • • Sound knowledge of industry best practices for information security, data management systems and data protection
  • • Working knowledge of management principles and practice
  • • Experience in a legal, audit, information security, compliance or risk management role
  • • Experience with Microsoft Windows operating systems, Office 365, and Microsoft Projects

• Key Non-Technical Competencies:

  • • Highly proactive and able to work independently
  • • Demonstrated experience working and interfacing with cross functional teams
  • • Excellent verbal and written communication skills, demonstrating the ability to document data protection policy, privacy statements, reports and other technical documentation with clarity and accuracy
  • • Strong systems thinking and analytical approaches to problem-solving
  • • Very good presentation and listening skills
  • • Excellent interpersonal skills to include patience

Qualifications

• • A Bachelor’s Degree in Law, Compliance, IT Security, IT audit or equivalent qualifications from an accredited tertiary institution
• • At least one (1) Data Protection and/or Privacy Certification (CIPP, CIPT, CIPM or equivalent) would be an asset.
• • At least 7 years’ experience within a data protection, information security, privacy management, legal compliance, risk management or operations management function to include supervisory management
• • Experience in managing information security, data protection and privacy compliance
• • Experience in developing policy and compliance training
• • Experience in working in a regulated industry

Additional Information and Instructions

Applicants who satisfy the job requirements should submit electronic applications by March 31, 2025, using the online portal. Cover Letters should be addressed to: DIRECTOR GENERAL JAMAICA CIVIL AVIATION AUTHORITY 4 WINCHESTER ROAD KINGSTON 10 We thank all applicants for their interest. However, only shortlisted candidates will be contacted.

About Jamaica Civil Aviation Authority

A Statutory Body and portfolio entity of the Ministry of Science, Energy, Telecommunications & Transport.

Share This Job