DATA PROTECTION AND COMPLIANCE MANAGER
Velez Ventures Inc
30 - 40K PHP
Full-time
V. Ranudo St, Cebu City, 6000 Cebu, Philippines
Job Overview
The Data Protection and Compliance Manager oversees the company's compliance framework, ensuring adherence to all applicable laws, regulations, and internal policies. Serving as the designated Data Protection Officer (DPO) under the Data Privacy Act of 2012 (RA 10173), the role ensures the lawful, secure, and transparent processing of personal and sensitive information. It provides both strategic oversight and hands-on management to embed compliance and data protection into the company's culture and operations across all entities of Velez Group.
Responsibilities
1. Corporate Compliance Management
- Establish and maintain a robust compliance framework that aligns with all regulatory and accreditation standards across the organization.
- Develop, implement, and maintain the organization's compliance program, policies, and procedures.
- Monitor compliance with laws, regulations, and accreditation/certification requirements affecting all entities.
- Coordinate with external regulators, auditors, and accrediting bodies.
- Ensure timely submission of compliance-related reports and statutory filings.
2. Data Privacy & Protection (DPO Function)
- Act as the primary authority on data privacy, ensuring all entities strictly comply with the Data Privacy Act of 2012.
- Serve as the organization's Data Protection Officer (DPO) registered with the National Privacy Commission (NPC).
- Develop, review, and implement data privacy policies, guidelines, and standard operating procedures.
- Ensure lawful processing, storage, and sharing of personal and sensitive information of employees, patients, students, and stakeholders.
- Monitor and respond to data subject rights requests and data breach incidents, ensuring proper documentation and reporting to NPC.
- Act as the point of contact for NPC and other regulatory authorities on data protection matters.
3. Risk Assessment, Audits & Training
- Proactively identify vulnerabilities and foster a culture of compliance through continuous monitoring and employee education.
- Conduct compliance audits, risk assessments, and internal investigations as required.
- Conduct privacy impact assessments, audits, and risk reviews.
- Provide training and awareness sessions to employees on compliance-related policies.
- Lead awareness campaigns and training for employees on data privacy responsibilities.
4. Cross-Functional Leadership & Continuous Improvement
- Integrate compliance seamlessly into daily business operations by leading staff and collaborating with key department heads.
- Lead and mentor compliance officers and staff.
- Collaborate with IT, HR, Legal, Operations, and other business units to ensure compliance and data protection requirements are consistently applied.
- Provide regular compliance and data privacy reports to senior management.
- Drive continuous improvement initiatives to strengthen compliance and data protection frameworks.
Qualifications & Personnel Specifications
Education & Certifications
- Bachelor's degree in Law, Business Administration, or related field.
- Certification or formal training in Compliance, Data Privacy is an advantage.
Work Experience
- Minimum of 5–7 years of experience in compliance, data protection, or related roles.
- Experience preferably in healthcare, academe, or shared services industries.
- Experience in conducting audits, risk assessments, and compliance investigations.
Core Knowledge & Skills
- Strong knowledge of the Data Privacy Act of 2012 (RA 10173), NPC guidelines, and other relevant regulatory requirements.
- Excellent leadership, communication, and stakeholder management skills.
- High ethical standards, strong analytical skills, and ability to handle sensitive and confidential information.