※Applicants must have permission to work in Japan; fluent to native-level Japanese is required.
The Country Privacy Advisor (CPA) will oversee implementation of a fit-for-purpose compliance programme and internal controls framework for all data privacy related matters in accordance with laws and regulations in the countries for which they are responsible and in accordance with the instructions of, and under the supervision of, the EU Data Protection Officer (EU DPO). The CPA provides leadership in driving local compliance activities across all legal entities, being the EU DPO's local contact for the relevant data privacy authority (DPA) and building an effective partnership with other CPAs.
- Enterprise Country Compliance
- Supporting the EU DPO and the Privacy Center of Excellence (in partnership with Privacy Legal Counsel) in deploying the enterprise-wide privacy compliance programme locally, in line with all our internal policies, regulations and timelines set by the laws and regulations in the countries for which they are responsible.
- Reporting on progress and gaps to the Country Executive Board (CEB) which is formed of Country General Managers and the site director of all legal entities
- Reviewing new, or changes to, privacy laws or privacy policies, standards, tools and Standard Operating Procedures (SOPs).
- Reviewing the role-based target audience for training
- Advising local process owners and third party managers in applying the 'Privacy by design' principles at the outset of country projects and in respect of the performance of privacy impact assessments (PIAs) by those local process owners and third party managers.
- Supporting the closure of local corrective and preventative actions (CAPAs) coming from PIAs, internal audits, external investigations, independent business monitoring (IBM) and regulatory changes.
- Implementing the instructions of, and consulting with and seeking further instruction from (to the extent necessary, in accordance with the framework of instructions developed by the EU DPO), the EU DPO, and providing any support and/or reports requested by the EU DPO
- Regulatory management: the EU DPO is accountable for our relationship with the local data privacy authorities (DPAs). The CPA acts as the EU DPO's local representative to facilitate the EU DPO's relationship with the local DPAs in their countries.
- Responding to enquiries and complaints from data subjects or the DPA under the instructions of and on behalf of the EU DPO.
- Making notifications to DPAs on behalf of the EU DPO and in accordance with the applicable SOP.
- Reviewing changes to local privacy laws together with the legal counsel and supporting local CAPA plan remediations.
- Educating PLs, RPOs and the EU DPO on privacy risks specific to the countries for which they are responsible.
- Regional Governance: the CPAs are active members of a Regional Network chaired by the RPO
- Providing updates on the country monitoring activities to the CPA Regional Network (10 meetings/year), as well as to the EU DPO as required.
- Sharing and gathering good practices from the countries for which they are responsible with other CPAs and the EU DPO.
- Bachelor's Degree in Business Administration, Law, security or compliance
- CIPP (/E or /M or /A) or equivalent certification in a compliance or security area (e.g. CISSP, CISA)
- Minimum of 5 years' experience in designing controls and successfully managing risks and data protection compliance, while demonstrating knowledge of business operations, security and supporting information systems.
- Demonstrable experience in interacting with regulators
- The job holder will require the technical and regulatory credibility to represent the company externally with regulators. The role will also require the executive presence to gain trust from local management and data subjects.
- Experience of what constitutes an effective control framework and supporting compliance programmes
- Ability to work effectively and sensitively in a highly matrixed organisation
- Connected with peers in the industry to allow sharing of best practices
- Ability to provide strategic advice as well as operational solutions.
- High level of personal integrity, and the ability to professionally handle highly confidential matters and exude the appropriate level of judgment and maturity.
- Strong, pragmatic problem-solving skills that demonstrate a strong understanding of business processes and information systems.
- Strong interpersonal skills with the ability to influence individuals at all levels of the organization
- Excellent written and verbal communication skills; ability to communicate legal and risk-related concepts to technical and non-technical audiences
[Preferred Knowledge, Skills and Abilities]
- Master of Business Administration, Law degree, CIPP (E/M/A), CISSP or CISA
- Local role within a highly matrixed GSK organization.
※Experience and skills will be considered.
Please click "apply" if you are interested in the job.
We will review your profile and contact you within five business days should we find that you satisfy the requirements of the hiring company.
Further details about the company and position will be provided at a later date.