PAMB | Manager 2, Information, Technology & Privacy Risk

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

Job Summary:
As the delegated “second line of defence” by providing assurance and oversight on information, technology, and privacy risks that might pose a threat to the business. To take the lead in providing expert advice and coach relevant parties from the business to ensure all relevant policies/guidelines/standards are being adhered to.

Principal Duties & Responsibilities:

1. Advisory

• Provide oversight and assurance within the business that processes, tools and technologies are operating effectively to mitigate risks to information and information technology assets
• Provide oversight and assurance that local regulatory and legal requirements that affect our information and information technology assets are being effectively met.
• Establish appropriate local guidelines and procedures and ensure local policies are in place so that all local regulatory requirements relating to information and information technology security, and data privacy are met.
• Coordinate and support the implementation of group wide information and technology, and privacy policies and guidelines
• Monitor the implementation of information and technology security, and data protection standards, policies and procedures within the organization.
• Support operational functions as required to manage risks to information and technology, appropriately by providing advice and guidance on information risk issues to all projects and initiatives.

2. Awareness and Culture

• Coordinate completion of training and awareness.
• Initiate, facilitate and promote activities to foster information risk and privacy awareness within the organization.
• Provide advice, guidance and regular training for staffs on local policies, standards, processes, procedures and issues relating to the information risk and data privacy.

3. Monitoring and Reporting

• Coordinate and submit regular reporting requirements to PCA Information Risk and Privacy.
• Coordinate and report (through normal Local Unit reporting framework) half year Turnbull and end year Governance exemptions related to information risk.
• Coordinate and support completion of PCA led Functional and Risk reviews and on site visit programme as set out in the annual timetable.
• Provide regular reporting on the status of information and data privacy risk to the appropriate PAMB senior management forums.
• Conduct regular review, timely reporting and escalation of information and information technology risk activities. 

• Implement compliance assessment programmes to ensure compliance with regulatory requirements and best practices related to information systems security and data privacy.
• Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.

4. Collaboration with other stakeholders

• Work closely with Internal Audit, compliance and legal departments on information security and data privacy related matters.
• Act as liaison person for regulatory examination on information security and data privacy related audits.
• Providing security authorization for requests from functions for exemptions to standard access and use of tools and technologies.

5. Data Privacy

• Implement a Privacy framework with a reporting line to the relevant function.
• To keep up to date the Privacy policies and procedures including the breach management policy and to disseminate new rules/regulations on privacy to staff.
• Analyse the types of breaches of Privacy law or regulation within the organisation.
• Create and maintain procedures for staff.
• Provide advice on issues relating to Privacy law and relevant legislation, e.g. for projects, programmes and data sharing
• Conduct reviews of data for compliance.
• Advise all staff arranging for data to be processed by the business by outside contractors, on the statutory requirements of any Privacy law or Regulation to be included in contracts.
• Ensure that Privacy aspects are properly covered in the governance documents of all systems processing personal data.
• Monitor the implementation of Privacy standards, policies and procedures within the organisation.
• Provide Privacy advice, support and regular training for staff.
• Keeping up to date with relevant developments, identifying significant trends.
• Works with legal counsel and his/her immediate supervisor to ensure the business maintains appropriate privacy and confidentiality consent & authorization forms, information notices and materials reflecting current organization and legal practices and requirements.
• Oversees, directs, delivers, or ensures delivery of privacy training and orientation to all Staff, volunteers, medical and professional staff and applicable business associates.
• Participates in the development, implementation, and on-going compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.
• Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
• Maintains current knowledge of applicable privacy laws, regulations and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
• Liaise with the regulator for potential inquiries or information requested.

Job Specification:   

a. Qualifications

• Degree in Information Security / Information Risk or Information Technology.

b. Experience

• At least 5 years related working experience, working knowledge in Information Security/ Risk sector is highly encouraged.

c. Knowledge            

• Relevant IT management skills e.g. project management, application management and development, and operations will be an added advantage.
• Able to interpret and apply the regulator guidelines and best practices on Information Security, Data Privacy and Information Risk requirements is a must.

• Ability to assess risks of the business as a whole.
• Good and clear communicator with all levels of staff.
• Possess the ability to work under pressure as well as independently under minimal supervision.
• High level understanding of technical controls, to be able to question and assess whether appropriate and in line with requirements.
• Must be self-motivated with the ability to work under minimum supervision.
• Proven management and leadership skills.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.