PepsiCo ищет Руководителя направления по безопасности и обработке персональных данных.
Job Description:
- Setting-up and maintain the optimum governance model to keep up compliance with the Russian DP Law and support BUCCA management with similar activities via coordinators on sites
- Leading quarterely Information Security and Data Privacy Committees from DP perspectives
- Leading the DP activities, presenting a quarterly recap of metrics, incidents and needs to senior management
- Leading and driving the remediation points after DP Internal Audit assignement via robust project plan till complete resolution
- Leading relevant data breach investigation and the notification process to data subjects
- Maintaining a record of all personal data processing activities where required
- Documenting overall data sensitivity, technologies third parties involved and how the data flows between them
- Run Data Protection Impact Assessments and partners with legal, IT and information security function to formulate mitigation plans
- Oversee the administration of Data Subject Access Rights Requests with DP administrators/coordinators and Business Functions
- Collaborate with Internal Controls (IPEX) functions to embed current privacy standards and controls into BAU and overall ways of working of the Business and external partners
- Support all Functions on Standard Data Privacy Questions by providing specific collaterals
- Works with Legal, IT and IS and contract owners to manage due diligence on key suppliers (e.g. providing all information Legal needs to assess a relationship) ensuring appropriate contractual protections
- Leading regular risk assessments on DP matters, keeping Risk and Controls Matrix up to date, as well as relevant controls documentation
- Being a right had support for the Risk Owner of DP risk on the Russian Heat Map
- Coordinating unstructured Data Classification activities for Russia and BUCCA
- Coordinate or lead relevant DP audits
- Cooperate and coordinate (where needed) external and internal audits
- Be a first point of contact with governmental authorities in this matter, representing interests of company
Qualifications/Requirements:
- Good Business acumen
- IT savvy
- Very good knowledge of Russian legislation and requore,ent regarding Data Privacy
- Good knowledge of Europeen GDPR
- Experience with similar projects
- Excellent communication and facilitation skills
- Russian and fluent English is a must (both verbal and written)
- Good understanding of Internal Controls and information security standards and applicable frameworks, as well as Enterprise Risk Management
- Deep understanding of DP processes and governance
- Higher education
- Minimum 5-7 years of experience with related area/or IT/Information Security/Legal/IT controls