Job Description

Overview Main purpose: The Privacy Associate Manager will form part of a new Data Privacy Center of Excellence (CoE) Operations Team. The CoE Operations Team will include x5 FTEs: x3 Associate Managers, 1 Privacy Operations Managers, and a Senior Privacy Operations Manager (see separate PAQ). To support the 4 sectors below, excluding Europe as they already have a privacy operations team. The Privacy Associate Manager will report Day-To-Day to the Senior Privacy Operations Manager and Functionally to the Head of Privacy CoE, AMESA Legal Director, based in Dubai. The purpose of the Privacy Operations Team is to ensure that PepsiCo (PEP) complies with a) Global PEP Privacy Policy & Framework and b) existing and / or emerging privacy laws, across the various sectors. The Privacy Associate Manager will support the APAC sector. The following Sectors will be equaly funding the CoE FTEs: AMESA APAC LATAM US (divided between PFNA & PBNA). Overview of the key responsibilities of Privacy Operations Managers include: Facilitating completion of all Data Subject Access Requests i.e. consumers/employees request to access their information Reviewing / approving Privacy Impact Assessments Establishing and maintaing a Data Inventory / Record of Processing of all personal data processing activities by PEP Facilitating data privacy breach notices and/or regulatory reporting and where necessary, under the direction of Sector DPO/ Privay Legal Supporting the implementation and integration of privacy principles, policies, standards, and controls into business-as-usual operations Supporting sector privacy counsel in the design and roll out of a privacy training programme and promoting privacy awareness throughout the business to keep privacy on the business agenda Lead implementation of actions needed to close gaps identified in Privacy Gap Assessments run by the sectors. Responsibilities Accountability: Standards, framework, controls and policies: Driving and supporting the implementation and integration of and embedding of privacy principles, policies, standards, and controls into standard business processes. Adoption of Global PEP Privacy Compliance Platform : Ensure use and adoption (e.g. by training and/or by leading required multi functional initiatives) by the business of PepsiCo\'s Privacy Compliance Platform for privacy related governance and operations and where necessary ensure the design of workflows/processes are capable of being incorporated into business-as-usual operations Privacy Risk Assessments (PIAs) for businesses / functions engaged in data processing: Facilitate the execution and completion of PIAs by business units (BUs) and functional stakeholders, documents remediation plans, monitors their execution and provides appropriate updates to Privacy Councils. This also involves if PIAs trigger a high risk processing activity that may need to be escalated to the sector DPO(s) e.g. via a Data Protection Impact Assessment (DPIA). Communication/Reporting: working with the CoE Privacy Manager to develop and maintain reporting metrics (i.e., KPIs, KRIs) and facilitate regular reporting to DPOs and/or Legal and/or Privacy Councils, as appropriate. Connects on a regular basis with key stakeholders across BU and Functions to understand their current and planned data processing activities and communicate applicable privacy operational requirements. Exercises judgment to raise key risk and compliance issues to the DPO and/or Legal and/or the Privacy Councils. Record of Processing Activities: Work directly with BUs and Functions to develop, create and maintain a log of processing activities undertaken by the business. Where necessary manages maintenance of a record of all personal data processing activities (i.e. data inventory). Data Subject Rights: Facilitate the completion of data subject rights request, partnering with data subject facing functions (Consumer Services, Insights and HR) in continuously endeavouring to make updates as regulatory requirement evolve, improve the management of processes to permit data subjects to exercise their rights afforded by applicable regulations (including facilitating records location/extraction/consolidation/deletion) in accordance withregulatory requirements and/or internal SLAs. Privacy Management Plan/Playbook : Facilitate the development of processes to ensure PepsiCo implements PepsiCo\'s Privacy Management Plan/Playbook and CoE procedures. Where necessary, recommend any required enhancements to address changing regulatory requirements or improve operational efficiencies of the CoE. Lead multifunctional initiatives in this regard (e.g. engaging needed areas, following up on needed actions etc). Data protection by design: Supports the business on the embedding of current privacy policies, standards, and controls into \'Business As Usual\', including third parties who process PEP personal data. This will involve assisting to formulate, embed and enforce protocols and ways of working with IT system owners across the business to ensure privacy risks are identified and addressed in system design as early as possible and prior to PEP implementation and/or onboarding. Training and Awareness: supports in the development of a privacy compliance training programme. Promotes privacy awareness throughout the business and ensuring adequate support is granted to the Sector DPOs in the roll out of a regular cadence of communications to keep privacy on the business agenda. Privacy Councils : Supports DPOs and/or Legal to lead quarterly Regional Privacy Councils as part of the PepsiCo global privacy governance framework, ensuring privacy risk/key privacy matters are raised and escalated appropriately and in accordance with PepsiCo\'s privacy policies and standards . Qualifications Key skills : Bachelor level degree (preferably in law or information technology/cyber security and data security) 6+ years experience Data Privacy, Regulatory Compliance, Risk Management, Audit, Data Governance experience Commercial and financial acumen Technology: Highly proficient with Privacy Compliance Platforms (e.g., OneTrust, TrustArc), ServiceNow, ERP, Content management, Computer, Business Analysis and Project Management Knowledge of operational management accounting Internal governance and control skills Knowledge of data privacy legislative & regulatory landscape Knowledge of reporting and presentation to various levels of stakeholders including senior level Communication and collaboration skills Writing skills (Strategy Roadmaps, Reports, KPIs, KRIs, Policies and Procedures and Standard Operating Procedures) Research skills

foundit