The Aust/NZ Chief Privacy Officer (CPO) role is a senior member of the global Privacy function, reporting into the global Group Chief Privacy Officer. The successful candidate will have a strong privacy background, will develop and manage Flight Centre Travel Group's privacy management program across the Aust/NZ region, and will be accountable for compliance within the region for all matters related to data protection.
They will work with global teams (e.g., Privacy, Information Security, Legal and Enterprise Risk) to ensure compliance with applicable local and trans-national legislation, provide expert advice to the regional business in data privacy matters, respond to incidents, and drive change as required.
The Aust/NZ CPO will facilitate compliance by coordinating with their counterpart CPOs in other regions and senior executive stakeholders within the Aust/NZ region. Knowing how to persuade and enable the business, while maintaining integrity, the regional CPO collaborates closely with business stakeholders to control risk from potential procedural or technology changes that affect privacy. In addition, the regional CPO represents Flight Centre Travel Group toward internal and external stakeholders (e.g., employees, customers and regulatory authorities).
The Aust/NZ CPO will be required to fulfil the following tasks.
- Work with the Group CPO and other regional CPOs to develop, implement and maintain FCTG’s continuous data privacy program, privacy policies, procedures and documentation, for the processing of personal data.
- Co-ordinate activities with appropriate members of the organisation (e.g., business leads, process owners, development teams, technology, legal, information security, enterprise risk, ethics and compliance, HR, etc.)
- Conduct regular compliance assessments to ensure that Flight Centre Travel Group's legal privacy requirements under applicable local laws are being met.
- Conduct vendor assessment and undertake due diligence processes as required to identify, quantify and address privacy concerns.
- Work with legal to review data privacy requirements within client contracts and ensure third-party suppliers' contracts meet FCTG privacy requirements.
- Support bid-writing teams in RFP responses in relation to data protection matters. Working with, and presenting to, both existing and potential corporate clients to address their privacy concerns.
- Notify regulatory authorities of the organization’s processing activities and data breaches where required. Lead the enterprise's response to privacy-related emergencies and other potentially damaging events.
- Help drive culture change where required.
- Report findings in a structural, transparent and business-relevant manner to regional SWOTs.
- Serve as the internal advisor to interpret privacy-policy-related questions. Work closely with the technology and development teams to anticipate/address privacy issues in new and existing systems and applications.
- Liaise with Flight Centre Travel Group's Chief Information Security Officer in matters relating to data breaches (including preparedness, prevention, impact mitigation and integral management of breaches).
- Conduct or oversee privacy awareness campaigns, training and orientation for all employees — in particular, application developers, HR and marketing.
Position Requirements - Required
A successful CPO candidate will have the expertise and skills described below.
- Bachelor's degree or higher in business administration, law, finance, accounting, engineering, science and technology studies, IT or a related discipline or equivalent experience.
- Two or more of the following certifications: Certified Information Privacy Professional (CIPP), Certified General Data Protection Regulation Practitioner (GDPR-P), Certified Information Privacy Management (CIPM), Certified Information Privacy Technologist (CIPT).
- Five+ years of experience in privacy, data protection, privacy law, risk management, auditing and/or compliance.
- Detailed knowledge of the Australian and New Zealand regulatory privacy regimes.
- Experience or familiarity with governance, risk and compliance (GRC) methodologies.
- Strong analytical and problem resolution skills. Sound business judgment, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
- Strong written and verbal communication skills, and the ability to work well with a diverse client base to articulate the importance of customer privacy.
- Ability to maintain proper documentation, relevant records and archives in an orderly, transparent fashion.
- Willingness to travel as required.
- Being available for incident and emergency handling outside standard office hours, where necessary.
- Has the accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
- Is comfortable promoting privacy up and down the management chain, including audiences who have varying levels of familiarity with the topic.
- Can work independently, see what needs to be done and has the initiative to take ownership.
- Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
Position Requirements - desired
- Detailed knowledge of the EU General Data Protection Regulation (GDPR).
- Knowledge of international data transfer mechanisms (e.g., EU model clauses and/or Binding Corporate Rules).
- Ability to understand business process flows and to provide recommendations for operationalizing compliance requirements.
- Familiarity with cloud computing, online services, web and enterprise applications, and data analytics.
- Experience in ISO 27001, NIST or PCI DSS.
- Prior experience with privacy in Retail or Corporate Travel Management Services and/or experience with privacy in internet or high-tech companies.
- Knowledge of the privacy aspects of product development including privacy/security by design and default and data minimisation.
About the benefits:
- Exceptional remuneration package 150k (negotiable based on experience)
- Travel discounts, health and wellness discounts (My Benefits)
- Leadership Programmes & further education
- Giving Bank & Volunteer Leave
- Employee share scheme