Contribute to the management, investigation and reporting of privacy complaints and privacy breaches within the department.Position Overview:
The position is located in the ITB Privacy and Safer Technologies directorate and is within the privacy team. The Privacy Team provides high level privacy advice to corporate and regional business units, as well as schools regarding the department's statutory privacy compliance obligations. The team also provides routine privacy advice regarding risk and mitigation strategies particularly relating to corporate and enterprise products, and assesses policy, procedure, processes, initiatives and projects as required in consultation with various other compliance activities within the department.The position reports to the Director/Manager, Privacy and will work as part of the privacy team which is comprised of a Manager, Principal Privacy Officer, two Senior Privacy Officers, and a Privacy Officer.Key Tasks / Responsibilities:
Contribute to the management, investigation and reporting of privacy complaints and privacy breaches within the department in accordance with the department's statutory compliance obligations. Liaise as necessary with identified business units regarding the circumstances of the complaint or breach and ultimately provide a report to the complainant/business unit regarding the outcome of such investigations and any remedial activities to be undertaken.Coordinate with departmental stakeholders, including Information Custodians, Regional Directors, Principals, and senior executives to ensure privacy management practices are undertaken in accordance with this guidance and relevant legislation, regulation, and industry better practice.Partner with ICT enabled and non-ICT enabled projects, and business units to govern privacy impact assessments for project and business unit initiatives. Use sustainable and defensible processes for identifying potential risk events, quantifying and documenting the probability of occurrence, the impact on the business, and actions to be performed to mitigate the risk and reduce the potential impact on the business.Undertake other privacy-related activities as requested by the Director/Manager of the department's privacy function.Capabilities / Desirable Attributes:
Extensive working knowledge of state and federal privacy legislation, and demonstrated knowledge in the delivery of privacy management better practice.Experience identifying privacy risk and privacy risk assessment, development of risk mitigation strategies.Experience managing client complaints and expectations in a statutory compliance environment.Demonstrated capacity to work effectively under pressure, handle competing priorities, analyze complex issues, and provide high-level advice while meeting externally imposed deadlines.Demonstrated highly developed written communication skills including the preparation of briefings, submissions, and reports on complex issues, as well as developing communications materials for a range of channels to support good governance and decision making.Knowledge or ability to rapidly acquire knowledge of proposed changes to Queensland Privacy legislation.Mandatory Requirements:
Minimum 3 years' experience investigating and managing privacy complaints and privacy breaches under the commonwealth or Queensland privacy framework.Demonstrated experience in providing high-level privacy advice to senior management.Demonstrated experience in undertaking complex Privacy Impact Assessments (PIA) working with Information technology business areas.Extensive knowledge or ability to rapidly acquire knowledge of the Commonwealth and Queensland Privacy legislation and framework.SFIA Alignments:
Strategy and Architecture - Personal Data Protection - Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation (level 6 PEDP).Strategy and Architecture - Information Assurance - Protecting against and managing risks related to the use, storage, and transmission of data and information systems (level 6 INAS).Strategy and Architecture - Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation (level 6 AUDT).
#J-18808-Ljbffr