Privacy Advisor

Privacy Advisor

If you live in Australia or New Zealand, you've likely heard of AMP. But at a time when society is changing, we are too. We're now a nimbler business with new leadership and thinking.

For us, these are exciting times. There's a real potential for big thinkers to help us redefine what financial services could be. And turn our legacy into something even more positive and powerful for the future.

**Help people create their tomorrow, while you create yours**

We help people with their banking, super, retirement and finances. Through upturns, downturns, recessions, and major life transitions. Every day, we help people see and make more of their financial potential, so that they can create their tomorrow. And we've been doing it for over 170 years.

If we do our job well, we genuinely add to the prosperity of our country and its people.

**How you'll make an impact**

The Privacy Advisor is responsible for enhancing privacy risk management within the Superannuation & Retirement and Platforms businesses through assisting in the implementation and ongoing operation of the AMP privacy risk management framework, including compliance with privacy obligations.

**Main Focus Areas**:

- Delivering timely and quality privacy risk management advice and guidance
- Providing privacy and compliance advice on the development of changes & projects, via the privacy and compliance impact assessments.
- Providing advice and guidance on privacy and compliance related matters including the management of data breaches and direct consultations
- Undertaking Privacy Impact Assessments
- Develop/deploy privacy training materials and other communications to increase employee understanding on initial employment, and ongoing, of AMP group privacy policies, data handling practices and procedures, and legal obligations.
- Periodically carry out a reconciliation between data mapping record changes and additions vs. PIAs completed, as part of ongoing monitoring of emerging and ongoing privacy risks.
- Conduct investigations into privacy and data breaches to understand root cause
- Document data processing activities across business, including assigning owners and managers for the records in OneTrust, maintaining the accuracy of records and reporting on these as required
- Complete the privacy compliance self-assessment on an annual basis to identify gaps in business areas current maturity and document remediation activates required to improve this
- Liaise with Privacy team to get self-assessment reviewed and endorsed, and business leaders to ensure appropriate resourcing is provided for the uplift required
- Support the documentation and management of privacy risks and controls.
- If the PIA is out of risk appetite, work with appropriate stakeholders to document risk acceptance or find an alternative option for their business activity.
- Ensure appropriate awareness around privacy risk management activities and facilitate training sessions where specific training is required (e.g. privacy champion training, OneTrust walkthroughs, data breach assessor training, and/or Privacy by Design training). Privacy Office may be consulted for SME input
- Ensure that new starters within the Super businesses are appropriately onboarded, this includes that they have an understanding of the privacy program e.g. basic understanding of data breach management, PIAs, privacy notices etc.
- Ensure that appropriate capability exists in the business (e.g. there may be dedicated SMEs and Privacy Champions, or privacy awareness is enhanced amongst all staff overall)
- Privacy management reporting across Superannuation
- Provide awareness of "best practices" on privacy and data protection issues

**What you will bring to the team**

Ideally, you will bring the following experiences to this role:

- Experience (3+ years) within a privacy or compliance advisory role.
- A good understanding of monitoring, assessment and actioning of privacy detection tool alerts.
- Knowledge of the common law and any relevant legislation as it relates to privacy and general compliance related activities in Australia.
- Ability to understand privacy and compliance risks inherent or emerging in a business area, to assess the level of risk, and to develop and execute plans to mitigate risk.
- Knowledge of key privacy risks within the financial services relevant to AMP.
- Knowledge of privacy regulations, standards, policies and frameworks.
- Understanding of the financial services industry, relevant regulators, and current and proposed financial services regulatory and legislative requirements.
- Good report writing, presentation and verbal communications skills
- Ability to think, plan and act strategically and commercially

**You'll thrive here if...**

If you can adapt from BAU to the ambiguous with ease, you'll do well here. Change is never easy, so bring your commitment, grit and growth mindset.

Because we run lean, you'll be expected to jump in and deliver across