The Privacy Risk & Compliance Officer, formerly known as PRCO, is responsible for the overall administration and execution of the global compliance, risk and privacy programs for the country and or subsidiary.This position reports directly into the country management structure and has a direct line reporting relationship to the Regional Privacy Officer, the Head of Risk and the Head of Compliance.

• Matric or Equivalent (Essential)
• Professional qualifications in either security, privacy, compliance or risk management
• Proven senior leadership experience in Privacy and Compliance (Essential)
• Proficient in Microsoft Office including a good working knowledge of PowerPoint and Excel

Responsibilities will include but not limited to:

The PRCO is responsible and accountable for the following activities as well as other activities at the direction of the local leadership team or the Regional Privacy Officer, the Head of Risk and the Head of Compliance.

Privacy Management

• Privacy Notice/Consent Form Communication and Reporting – Ensure all new hires receive privacy notice/consent upon hire and all employees receive updated notices and consents as needed, working with local HR and recruiting teams.
• Monitor and Track communication/disclosure of appropriate notices (when required) to ensure they are received by all employees
• Monitor and tracking of distribution and receipt of consent (when required)
• Evaluate and coordinate with the Global Privacy, Risk & Compliance Office on the communication of any privacy notice and/or consent

• Ongoing monitoring of all personal data processing activities for the country or subsidiary and escalating new or changes to existing personal data processing activity to the Global Privacy & Compliance Office.

• Records of Processing (ROP) Completion & Ongoing Updates
• Ensure completion of ROP’s within OneTrust for Controller & Processor ROP’s, including:
• Ensure new or changes to existing personal data processing activities are appropriately documented and/or updated (controller and processor)

• Ensure new local clients or changes to existing local client processing activities are appropriately documented and/or updated
• In coordination with local/regional IT, review IT ROP’s to ensure accuracy, completeness, and are regularly updated
• In coordination with the appropriate SAM, ensure that data processing activities associated with new global clients are documented in the ROP Processor and changes to existing global client processing activities are appropriately documented and updated in the ROP Processor
• In coordination with local/regional Functions, ensure that new personal data processing activities are appropriately documented in the ROP Controller and is regularly updated with any changes to existing activities.

Records of Processing (ROP) Quality Review

• Review completed ROP’s to ensure completeness and accuracy
• Coordinate with functional team leads as necessary to ensure accuracy

Client Contracts

• In coordination with SAM or local Account Managers, ensure existing clients have been notified regarding data privacy amendments, the negotiation process has been initiated, and client contracts have been updated with data privacy amendments as needed
• In coordination with Business Development, SAM, or local Account Managers, as appropriate, ensure liaison with the Legal Department so that contracts with new clients include the appropriate data privacy and compliance provisions.
• Report to the Global Privacy, Risk & Compliance Office as requested on the status of client contract data privacy and compliance provisions negotiations.

Vendor Due Diligence Review

• Ensure the Privacy and Compliance Due Diligence processes are conducted on all existing, as well as new vendors for the country or subsidiary – working with both local and global procurement
• In accordance with the process established by the Global Privacy & Compliance Office, review and approve completed Vendor Due Diligence Questionnaires, or escalate as needed to appropriate the SVP of Privacy or CPO and Regional Privacy Officer,
• In coordination with local Procurement, ensure that the Privacy and Compliance Due Diligence processes are completed prior to any new vendor contract execution

Reporting

• Provide specific reporting metrics as required by the Global Privacy, Risk & Compliance Office on a regular, consistent basis.

New Business

• Support client bid activity, assisting with pre-sale conversations about all elements of PRCO role and business policies
• Support client due diligence activity
• Deliver all go live activity to the TP control framework

Compliance Management

• Ensure the implementation, maintenance and monitoring of the Global Compliance Framework within the area of responsibility.
• Ongoing monitoring and tracking of applicable local laws, regulations and legal obligations in the fields of risk, compliance and privacy, and report new or amendments to applicable laws, regulations, or legal obligations in the fields of risk, compliance and privacy to the Global Privacy, Risk & Compliance Office, as requested.
• Act as point of contact for BCR/GDPR and other privacy and compliance related audits.
• Regularly measure and analyze the performance of Privacy, Risk and Compliance systems, assess the efficiency of privacy and compliance controls and recommend effective improvements.
• Identify risks or non-conformity issues in relation to Global Privacy and Compliance policies, procedures and processes.
• Together with the Global Privacy, Risk and Compliance Office, provide support to TP subsidiary to identify compliance issues and provide guidance as appropriate.
• Keep abreast of regulatory developments within or outside of TP as well as evolving best practices in compliance control and risk management.
• Document Privacy, Risk and Compliance systems and prepare reports for Global Privacy, Risk and Compliance Office, senior management and together with the Global Privacy, Risk and Compliance Office, external regulatory bodies as appropriate.
• Ensure that all required Privacy and Compliance trainings are delivered to relevant personnel.
• Oversight of country level operational compliance to internal TP standards, working across all departments and supporting local senior leaders to ensure compliance

Risk Management

• The PRCO will be responsible for the implementation and maintenance of the risk management framework within the area of responsibility in-line with our strategic plans. The role will include developing and maintaining detailed risk management processes and working with key business stakeholders to facilitate the embedding of these. It also includes review of control effectiveness and monitoring of mitigation action plans. The PRCO is the key point of contact for risk reporting to the Global Risk Team, for ad-hoc incident reporting and for the escalation of significant risk events.
• Deployment and maintenance of the Risk Management Framework. Ensure this is embedded in core processes and individual roles
• Identification and assessment of risks within the scope of the PRCO
• Work with management teams, risk owners and others to ensure risks and internal controls are documented, current and complete
• Work with local teams to document and roll-out mitigation plans
• Delivery of accurate and complete Risk Registers
• Provide regular updates on Risks and Controls to the Global Risk Team
• Guide local teams and risk owners on the Risk Management Process
• Promote a culture of risk awareness to the local management, ensure clear understanding of the objectives and the importance of the risk management and the internal controls, and explain the consequences of unmanaged risks
• Provide guidance to local points of contact in identification and evaluation of risks
• Provide guidance on the correct use of Risk Categories
• Challenge risk information where needed. Ensure that all relevant details are reported for complete Risk evaluation and monitoring
• Lead the documentation, communication and implementation of the Teleperformance Risk Framework
• Develop, maintain and communicate detailed risk management processes, including reviews of controls
• Review, assess and report risks and issues identified or reported by the business in-line with the process and assist the business in defining and agreeing remedial action where required
• Review controls for effectiveness and manage risk deliverables
• Gather, analyze and report on financial risk exposures where applicable
• Challenge and periodically review controls, recommending and agreeing remedial action where required
• Develop programs of work that encourage managers and employees to use the risk management and controls systems in an effective way
• Encourage and drive quality and continuous improvement of processes used across the business
• Responds to risk management inquiries and consultation requests

Key Competencies

• Integrity and commitment to compliance
• Effective communication skills with both front-line representatives and management
• Assertiveness and a strong working knowledge of the TP country and or subsidiary
• Previous work experience in either risk, compliance or privacy.
• Working knowledge of Data Privacy Regulations with a recognized certification or the ability to gain a recognized Certification within the first 6 months in the position
• Ideally has a working knowledge of Anti Money Laundering legislation and application
• Fluent in English.
• Strong analytical skills and the ability to apply critical thinking skills to a given problem or project.
• Ability to engage and work well at all levels in the organization
• Strong influencing skills are a necessity for this position as you will be working with multiple functions within the country and region to ensure delivery of the global privacy, risk and compliance program objectives.