Data Protection Officer - Brazil

Position Overview:

The Data Protection Officer (DPO) is responsible for ensuring the company’s compliance with the General Data Protection Law (LGPD) and other relevant privacy regulations. This role involves developing and maintaining data protection policies, conducting audits and risk assessments, managing data breach responses, managing data privacy related customer requests and serving as the primary point of contact for regulatory authorities.

Responsibilities:

•  Compliance Management.
•  Ensure compliance with the General Data Protection Law (LGPD) and other relevant privacy regulations.
  ○ Monitor changes in data protection laws and update company practices accordingly.
• Policy Development:
  ○ Develop and maintain comprehensive data protection policies and procedures.
  ○ Ensure all employees are trained on data protection policies and procedures.
•  Audits and Risk Assessments:
  ○ Conduct regular audits and risk assessments of data processing activities.
  ○ Identify and mitigate potential data protection risks.
• Data Breach Management:
  ○ Manage the response to data breaches, including notification to the National Data Protection Authority (ANPD) and affected individuals.
  ○ Develop and implement data breach response plans.
• Regulatory Liaison:
  ○ Serve as the point of contact between the company and regulatory authorities for all data protection matters.
  ○ Prepare and submit required reports to regulatory authorities.
• Training and Awareness:
  ○ Conduct training sessions and awareness programs for employees on data protection and privacy practices.
  ○ Promote a culture of data protection within the organization.
•  Data Subject Rights:
  ○ Ensure the company respects and facilitates the exercise of data subject rights under the LGPD.
  ○ Handle requests from data subjects regarding their personal data.

Qualifications:

• Bachelor’s degree in Information Technology, Law, Information Security, or a related field.
• Professional certification in data protection (e.g., CIPP, CIPM) and IT management (e.g.,ITIL, PMP) is preferred.
• Minimum of 5 years of experience in data protection, privacy management, and IT operations.
• Strong knowledge of the General Data Protection Law (LGPD) and other relevant privacy regulations.
• Excellent analytical, organizational, and communication skills.
• Proficiency in data protection software, IT management tools, and cybersecurity measures.

Skills and Competencies:

• Attention to detail and accuracy.
• Ability to work independently and as part of a team.
• Strong problem-solving and decision-making abilities.
• High level of integrity and confidentiality.
• Strong leadership and project management skills.
• Certifications such as CIPP/E, CIPM, or other relevant data protection certifications.
• Experience in a similar role within the Brazilian market.
• Proficiency in Portuguese and English.

Relationships :

• This position will work closely with the Brazil Country Manager and Legal Team, as well as Group Finance Functions including Tax, Financial Accounting and Commercial Finance

Location:

The selected candidate must be based in Brazil, São Paulo.