Philip Morris International: Building a Smoke-Free Future
Philip Morris International (PMI) is leading a transformation in the tobacco industry to create a smoke-free future and ultimately replace cigarettes to the benefit of adults who would otherwise continue to smoke, society, the company and its shareholders. PMI is a leading international tobacco company engaged in the manufacture and sale of cigarettes, smoke-free products and associated electronic devices and accessories, and other nicotine containing products in markets outside the U.S.
PMI is building a future on a new category of smoke-free products that, while not risk-free, are a much better choice than continuing to smoke. Through multidisciplinary capabilities in product development, state-of-the-art facilities and scientific substantiation, PMI aims to ensure that its smoke-free products meet adult consumer preferences and rigorous regulatory requirements.
Be part of the biggest transformation in the history of our company!
Like many businesses, we are processing ever increasing volumes of personal data, whether that’s related to consumers, employees or others and maintaining compliance with data protection laws around the world (including the EU General Data Protection Regulation - GDPR) is essential.
To respond to the challenges of the dynamic global data protection environment, we are now expanding our Global Privacy Program (GPP) to include full-time Data Privacy Leads covering all markets and functions.
Data Privacy Leads (DPLs) play a critical role by driving the execution of the GPP and coordinating how privacy is embedded in the operations of a PMI, under the guidance of the central GPP team.
As part of global team, each DPL will cover a cluster of countries or one or more business functions.
Data Privacy Leads drive the execution of privacy processes, coordinate the embedding of data privacy into the relevant operations across their entities and ensure that their entities have complete and up-to-date records necessary to demonstrate consistency with GPP and compliance with the GDPR.
This means that the DPL must:
- Maintain an inventory of all activities involving the processing of personal data
- Facilitate and oversee the performing of Data Protection Impact Assessments (DPIAs) for all new personal data processing activities or significant changes to existing ones
- Facilitate and oversee the documentation of key data transfers
- Plan and oversee the delivery of data privacy awareness and training in a risk-based manner
- Contribute to the correct and timely handling of potential personal data breaches
- Manage the handling of non-routine data subject requests (e.g. privacy related complaints from individuals) and monitor the handling of routine data subject requests to ensure correct and timely responses
- Help, in liaison with the Law Department, managing the handling of requests from data protection authorities to ensure correct and timely responses
- Monitor compliance with privacy obligations and GPP requirements and track the execution of necessary actions, including through the timely performance of, and follow-through on, accurate and high-quality Privacy Compliance Assessments (PCAs) performed in prioritized, risk-driven manner
- Together with the Law Department, provide guidance on privacy matters as well as remain aware of relevant developments in privacy legislation
- Provide regular updates on the status and progress of the GPP to management and other stakeholders and promptly escalate on privacy issues as necessary
Instilling a culture of privacy across entities in his/her scope, including engaging with and motivating diverse stakeholders at all levels
Staying aware of initiatives involving personal data processing across the entities in order to ensure privacy measures are triggered appropriately
Balancing business objectives (which may increasingly seek to use personal data) with the interests and rights of individuals to find mutually advantageous solutions
Accurately understanding and capturing the level of compliance with data protection expectations and driving appropriately prioritized actions to drive gaps to closure
Reconciling local legal requirements with the requirements driven by GPP to ensure both are met in the most efficient manner
Responding quickly and correctly in case of potential personal data breaches and non-routine requests from individuals
Skills & experience:
Bachelor or Master degree, typically in Business Administration, Economics, Engineering, Information Technology or Law – a law degree and/or deep expertise in privacy jurisprudence is not a pre-requisite for the position
Beneficial work experience:
Some years in an audit, controlling, compliance, legal/paralegal, IT or consulting function
Multi-year experience working in a multinational business environment
Prior experience to areas such as audit/control, data protection/privacy, system/data security, risk management
Technical know-how & qualifications:
Sound understanding of data privacy principles and concepts
Ability to quickly acquire knowledge of GPP processes, templates and registers
Fluent English, both written and spoken
Good understanding of information technology
Good project management and cross-departmental engagement and coordination skills - to drive and coordinate activities across one or more entities
Strong analytical skills to identify/document issues and prioritize pragmatic actions that effectively solve privacy improvement needs
Good written and verbal communications skills - to train others on privacy processes and practices and to communicate to, and influence, diverse stakeholders on privacy progress
Record-keeping, to ensure timely, accurate and complete privacy records are present in the central GPP registers
JOIN A GLOBAL MARKET LEADER
PMI is the world’s leading international tobacco company, with six of the world's top 15 international brands and products sold in more than 180 markets. In addition to the manufacture and sale of cigarettes, including the number one global cigarette brand, and other tobacco products, PMI is engaged in the development and commercialization of Reduced-Risk Products (“RRPs”). RRPs is the term we use to refer to products that present, are likely to present, or have the potential to present less risk of harm to smokers who switch to these products versus continued smoking. We have a range of RRPs in various stages of development, scientific assessment and commercialization. Because our RRPs do not burn tobacco, they produce far lower quantities of harmful and potentially harmful compounds than found in cigarette smoke. For more information, see www.pmi.com and www.pmiscience.com.
PMI is an Equal Opportunity Employer.