Philip Morris International: Building a Smoke-Free Future
Philip Morris International (PMI) is leading a transformation in the tobacco industry to create a smoke-free future and ultimately replace cigarettes to the benefit of adults who would otherwise continue to smoke, society, the company and its shareholders. PMI is a leading international tobacco company engaged in the manufacture and sale of cigarettes, smoke-free products and associated electronic devices and accessories, and other nicotine containing products in markets outside the U.S.
PMI is building a future on a new category of smoke-free products that, while not risk-free, are a much better choice than continuing to smoke. Through multidisciplinary capabilities in product development, state-of-the-art facilities and scientific substantiation, PMI aims to ensure that its smoke-free products meet adult consumer preferences and rigorous regulatory requirements.
Be part of the biggest transformation in the history of our company!
Like many businesses, we are processing ever increasing volumes of personal data, whether that’s related to consumers, employees or others and maintaining compliance with data protection laws around the world (including the EU General Data Protection Regulation - GDPR) is essential.
To respond to the challenges of the dynamic global data protection environment, we are now expanding our Global Privacy Program (GPP) to include full-time Data Privacy Leads covering all markets and functions.
Data Privacy Leads (DPLs) play a critical role by driving the execution of the GPP and coordinating how privacy is embedded in the operations of a PMI, under the guidance of the central GPP team.
As part of global team, each DPL will cover a cluster of countries or one or more business functions.
Data Privacy Leads drive the execution of privacy processes, coordinate the embedding of data privacy into the relevant operations across their entities and ensure that their entities have complete and up-to-date records necessary to demonstrate consistency with GPP and compliance with the General Data Protection Regulation (GDPR).
This means that the DPL must:
- Maintain an inventory of all activities involving the processing of personal data
- Facilitate and oversee the performing of Data Protection Impact Assessments (DPIAs) for all new personal data processing activities or significant changes to existing ones
- Facilitate and oversee the documentation of key data transfers
- Plan and oversee the delivery of data privacy awareness and training in a risk-based manner
- Contribute to the correct and timely handling of potential personal data breaches
- Manage the handling of non-routine data subject requests (e.g. privacy related complaints from individuals) and monitor the handling of routine data subject requests to ensure correct and timely responses
- Help, in liaison with the Law Department, managing the handling of requests from data protection authorities to ensure correct and timely responses
- Monitor compliance with privacy obligations and GPP requirements and track the execution of necessary actions, including through the timely performance of, and follow-through on, accurate and high-quality Privacy Compliance Assessments (PCAs) performed in prioritized, risk-driven manner
- Together with the Law Department, provide guidance on privacy matters as well as remain aware of relevant developments in privacy legislation
- Provide regular updates on the status and progress of the GPP to management and other stakeholders and promptly escalate on privacy issues as necessary
Skills & experience:
Bachelor or Master degree, typically in Business Administration, Economics, Engineering, Information Technology or Law – a law degree and/or deep expertise in privacy jurisprudence is not a pre-requisite for the position
Beneficial work experience:
1) Decent working experience in an audit, controlling, compliance, legal/paralegal, IT or consulting function
2) Multi-year experience working in a multinational business environment
3) Prior experience to areas such as audit/control, data protection/privacy, system/data security, risk management
Technical know-how & qualifications:
1) Sound understanding of data privacy principles and concepts
2) Ability to quickly acquire knowledge of GPP processes, templates and registers
3) Fluent English, both written and spoken
4) Good understanding of information technology
1) Good project management and cross-departmental engagement and coordination skills - to drive and coordinate activities across one or more entities
Strong analytical skills to identify/document issues and prioritize pragmatic actions that effectively solve privacy improvement needs
2) Good written and verbal communications skills - to train others on privacy processes and practices and to communicate to, and influence, diverse stakeholders on privacy progress
3) Record-keeping, to ensure timely, accurate and complete privacy records available