• Monitor PIC / PIP compliance with the Data Privacy Act, its IRR, issuances and other applicable laws and policies.
• Check compliance with data privacy legal requirements and recommend accreditations and certifications when necessary
• Lead the conduct of Privacy Impact Assessment and recommend programs and measures to guarantee protection of personal information
• Advise the PIC or PIP regarding complaints and / or the exercise by data subjects of their rights
• Ensure proper handling of data breach and security incident management
• Inform and cultivate awareness on privacy and data protection
• Spearhead the development, review and / or revision of policies, guidelines, projects or programs relating to privacy and data protection by adopting a privacy by design approach
• Serve as the main point of contact for all data privacy and protection concerns
• Establish and maintain ISMS requirements in accordance with ISO 27001:2013
• Evaluate the performance of the ISMS with regard to effectiveness and suitability with the International Standard, report the results to the Steering Committee and submit recommendations for improvements
• Communicate to all members of the organization the importance of the ISMS, policies, processes and related documentation
• Recommend ISMS audits and initiate Management Reviews on a regular basis
• Coordinate with business process owners on the identification and updating of information security assets and risks
• Review the effectiveness of corrective and preventive actions until closure of the non-compliances
• Safeguard company information
• Ensure the appropriate information security programs are defined and implemented to achieve security objectives and targets.
• Ensure compliance with applicable legislation and other legal requirements.
• Allocate and secure required resources for information security program implementation and maintenance
• Communicate with the certifying body