Tokyo, Japan


Information Technology



Job ID


Philip Morris International: Building a Smoke-Free Future Philip Morris International (PMI) is leading a transformation in the tobacco industry to create a smoke-free future and ultimately replace cigarettes to the benefit of adults who would otherwise continue to smoke, society, the company and PMI’s shareholders. PMI is a leading international tobacco company engaged in the manufacture and sale of cigarettes, smoke-free products and associated electronic devices and accessories, and other nicotine containing products in markets outside the U.S. PMI is building a future on a new category of smoke-free products that, while not risk-free, are a much better choice than continuing to smoke. Through multidisciplinary capabilities in product development, state-of-the-art facilities and scientific substantiation, PMI aims to ensure that its smoke-free products meet adult consumer preferences and rigorous regulatory requirements. Be part of the biggest transformation in the history of our company. The Team Like many businesses, we are processing ever increasing volumes of personal data, whether that’s related to consumers, employees or others. Maintaining compliance with data protection laws around the world (including the EU’s General Data Protection Regulation and Japan’s Act on the Protection of Personal Information) is essential. To respond to the challenges of the dynamic global data protection environment, we have been expanding our Global Privacy Program (GPP) to include a global team of full-time Data Privacy Leads covering all our markets. The Role Data Privacy Leads (DPLs) play a critical role by driving the execution of the GPP and coordinating how privacy is embedded in the operations of PMI affiliates, with the guidance and support of our central GPP team. The position based in Tokyo will cover our Japanese market - one of our largest and most dynamic and challenging markets globally – as well as a number of other key Asia markets. Responsibilities: The Data Privacy Lead will drive the execution of privacy processes, coordinate the embedding of data privacy into the relevant operations across the affiliates and ensure that the affiliates have complete and up-to-date records necessary to demonstrate consistency with GPP and compliance with the applicable privacy laws.. This means that the DPL’s responsibilities include the following: - Maintain an inventory of all affiliate activities involving the processing of personal data - Facilitate and oversee the performing of Data Protection Impact Assessments (DPIAs) for all new personal data processing activities or significant changes to existing ones - Facilitate and oversee the documentation of key data transfers - Plan and oversee the delivery of data privacy awareness and training in a risk-based manner - Contribute to the correct and timely handling of potential personal data breaches - Manage the handling of non-routine data subject requests (e.g. privacy related complaints from individuals) and monitor the handling of routine data subject requests to ensure correct and timely responses - Help, in liaison with the Law Department, managing the handling of requests from data protection authorities to ensure correct and timely responses - Monitor compliance with privacy obligations and GPP requirements and track the execution of necessary actions, including through the timely performance of, and follow-through on, accurate and high-quality Privacy Compliance Assessments (PCAs) performed in prioritized, risk-driven manner - Together with the Law Department, provide guidance on privacy matters as well as remain aware of and anticipate relevant developments in privacy legislation - Provide regular updates on the status and progress of the GPP to management and other stakeholders and promptly escalate on privacy issues as necessary. Major Challenges: Instilling a culture of privacy across affiliates in his/her scope, including engaging with and motivating diverse stakeholders at all levels. Staying aware of initiatives involving personal data processing across affiliates in order to ensure privacy measures are triggered appropriately. Balancing business objectives (which may increasingly seek to use personal data) with the interests and rights of individuals to find mutually advantageous solutions. Accurately understanding and capturing the level of compliance with data protection expectations and driving appropriately prioritized actions to drive gaps to closure. Reconciling local legal requirements with the requirements driven by GPP to ensure both are met in the most efficient manner. Responding quickly and correctly in case of potential personal data breaches and non-routine requests from individuals. Skills & experience: Education: Bachelor or Master degree, typically in Business Administration, Economics, Engineering, Information Technology or Law – a law degree and/or deep expertise in privacy jurisprudence is not a pre-requisite for the position. Beneficial work experience: Some years in an audit, controlling, compliance, legal/paralegal, IT or consulting function Multi-year experience working in a multinational business environment Prior experience to areas such as audit/control, data protection/privacy, system/data security, risk management Technical know-how & qualifications: Sound understanding of data privacy principles and concepts Ability to quickly acquire knowledge of GPP processes, templates and registers Fluent in Japanese and English, both written and spoken Good understanding of information technology Competencies: Curiosity and ability to learn, a positive attitude, and a pragmatic approach to find practical solutions to often complex questions Good project management and cross-departmental engagement and coordination skills - to drive and coordinate activities across multiple affiliates Strong analytical skills to identify/document issues and prioritize pragmatic actions that effectively solve privacy improvement needs Good written and verbal communications skills - to train others on privacy processes and practices and to communicate to, and influence, diverse stakeholders on privacy progress Record-keeping, to ensure timely, accurate and complete privacy records are present in the central GPP registers JOIN A GLOBAL MARKET LEADER PMI is the world’s leading international tobacco company, with six of the world's top 15 international brands and products sold in more than 180 markets. In addition to the manufacture and sale of cigarettes, including the number one global cigarette brand, and other tobacco products, PMI is engaged in the development and commercialization of Reduced-Risk Products (“RRPs”). RRPs is the term we use to refer to products that present, are likely to present, or have the potential to present less risk of harm to smokers who switch to these products versus continued smoking. We have a range of RRPs in various stages of development, scientific assessment and commercialization. Because our RRPs do not burn tobacco, they produce far lower quantities of harmful and potentially harmful compounds than found in cigarette smoke. For more information, see and PMI is an Equal Opportunity Employer. #LIjobs