Privacy Compliance Consultant

MediCard Phils., Inc. is one of the country's leading HMO and the only HMO founded and run by Doctors. Since its inception, the concept of service-oriented total health care has been the molding ideal of MediCard. The competition is vast, and the benefits being offered by the competitors are tempting. However, MEDICard has taken the lead in providing innovative and productive ideas that cut down the cost of health maintenance without compromising its quality.

MediCard now boasts of more than half a million members and over 54,000 accredited doctors in over 1,000 hospitals and clinics nationwide. It also operates 16 MediCard free-standing clinics that provide services at par with those offered by hospitals minus the confinement.

MediCard is currently looking for assertive, dynamic and energetic individuals to fill up the following vacancy:

As a Data Privacy Compliance Consultant, your primary objective will be to safeguard our organization's data and ensure compliance with Data Privacy laws and regulations. In this role, you will play a crucial role in protecting sensitive information and maintaining the privacy and confidentiality of our customers and stakeholders. You will be responsible for developing and implementing effective data privacy frameworks, policies, and procedures. You will also provide guidance and support in conducting Privacy Impact Assessments and ensuring that data handling practices align with applicable laws and regulations. Your expertise will be instrumental in building a culture of data privacy and security within our organization.Governance:

• Review and update of Privacy-related policies and standards on a regular basis

and/or as needed.

• Conduct Gap Analysis of new and/or amended regulations, advisories, etc.,

related to data privacy.

• Identify priorities and emerging risks through environment, legal and regulatory,

and business scans and align with DP initiatives.

• Identify opportunities to align both strategic and tactical initiatives of the

organization to DP-related laws and regulations and Group-mandated policies to

create more value to the organization.

• Coordinate all DP-related regulatory communications.
• Conduct annual review of the Privacy Impact Assessment.
• Help lead the annual Data Privacy Breach Drill
• Help lead the DP-related incident management activities

Reporting:

• Prompt reporting of high operational risk incidents associated with DP.
• Escalation of DP Breaches to the R&C Department for further assessment.
• Develop, review, and maintain DP-related KRIs.
• Coordinate communications mandated for DP Compliance.

Expert Advice:

• Support IT and Information Security Departments on data protection standards

implementation.

• Support management of contracts with third parties with focus on DP.
• Drive effective DP controls by supporting Business Units
• Support organizational priorities by ensuring timely completion of requested DPrelated activities within the defined Turnaround Time (TAT).
• Provide expert advice as a Subject Matter Expert (SME) to Business Units (BUs)

and senior management members regarding any concerns related to D

Assurance:

• Support the development and help lead in conducting compliance testing to

ensure adherence to DP laws and regulations.

• Drive the execution of regulatory and group-initiated DP risk assessments to

identify, assess, and mitigate potential risks.

• Provide assistance in both internal and external regulatory audits related to DP,

ensuring compliance with applicable laws and regulations, and best practices.

Transformation:

• Provide expert support as a Subject Matter Expert (SME) in driving the

operational transformation of DP initiatives.

Education and Communication:

• Assist in the development of comprehensive training modules related to DP,

ensuring that they are up-to-date and effective.

• Conduct trainings within the organization to educate employees on DP.
• Collaborate in the creation and dissemination of advisories that provide guidance

on DP.

• Attend relevant trainings to stay updated on the latest developments and best

practices in DP.

R&C Others:

• Provide support in identifying and addressing operational, financial, and

regulatory compliance risks associated with DP

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.