Each Privacy & Security Lead will provide oversight, leadership reporting, and strategic direction for local Data Privacy (“DP”) and Information Security (“IS”) requirements and activities within their GU. They will act as the primary local point of contact in assigned countries for all DP and IS topics and play an active role in driving DP and IS operations, controls, risk management, awareness and improvement within the local scope of their GU. They will be supported by Legal, Information Security, and other functions in performing their role.
Leads will report directly to Geographic Services leadership. They will be accountable to the Data Privacy and Information Security leads (including the Data Protection Officer) and act at their direction to ensure consistency with Accenture’s global DP and IS programs, including strategy, external relations, compliance, and processes. They will collaborate closely with the Data Privacy and Information Security teams to obtain information and advice.
Expertise and Professional qualities:
Advise on and manage DP and IS programs and activities
- Understand the triggers and requirements for performing DP and IS activities and processes for executing these (for example, privacy reviews, Data Privacy Impact Assessments and recording of processing activities) and participate in such activities where this is part of the defined process
- Advise and support client-facing and internal teams on where to obtain advice on DP activities such as contract negotiations, new offerings, internal projects, client contracts, M&A activity, individual complaints and requests for exercise of individual rights, and on IS activities
- Participate in the management of data security incidents in accordance with Accenture processes and in alignment with other relevant stakeholders (for example, as advised and directed by Accenture’s Computer Incident Response Team (CIRT) and/or Legal, in particular the Legal Data Incident Team)
- Work with stakeholders (e.g. Information Security, account teams, other corporate functions) on DP and IS law, compliance and risks as required (for example by providing input on any changes to scope in controls or processes required as a result of new local laws)
- Recognize and appropriately deal with conflicts of interest and other concerns
Implement IS objectives and controls
- Determine the local IS objectives
- Ensure all applicable IS controls are implemented and are operating effectively to mitigate the identified IS risks
- Be responsible for establishing, operating, monitoring and improving the local Information Security Management System (ISMS) in order to manage the IS risk faced by the information systems and data assets within scope
- Ensure that via the asset register there is a clear understanding of the assets the management system is seeking to protect, with this being reviewed and refreshed on at least an annual basis and when other situations trigger the need for an update (e.g. organizational changes)
- Ensure appropriate checks are carried out (as defined by the ISMS) to provide evidence that the IS controls are in place and are effective
- Conduct periodic IS risk assessments to ensure that the risks to assets are identified and understood, including identifying new risks and reassessing previously identified risks
- Act as the key local point of contact for their ISMS
Be involved in all local DP and IS regulatory and audit requirements
- Monitor compliance by reviewing information provided by central audit and monitoring teams (for example Internal Audit and Security Assessments team)
- In alignment with the Data Privacy team and other relevant teams, input and respond to requests from regulators – information, inspection, audit – and any enforcement action
- Ensure that local filings/notifications of systems and data processing are maintained and any required authorizations obtained
Manage training and awareness
- Actively promote and encourage local engagement (including with senior leadership) on DP and IS topics, including delivering training and awareness programs based on globally packaged materials
- Play an active role in driving DP and IS risk management and improvement
- Be able to speak knowledgeably on DP and IS to client-facing and internal teams and direct their queries appropriately
- Identify and engage with relevant stakeholders and work with them to ensure the appropriate controls are in place to protect the assets they are accountable for
- Keep up to date with local DP and IS topics such as regulatory guidance and enforcement action, and the activities of relevant industry and standards associations
Report on Accenture’s global DP and IS programs
- In coordination with the Data Privacy and Information Security teams, report on agreed DP and IS topics to leadership, local boards, and regulators as required
- Proactively raise trends, potential threats, concerns or other information with the Data Privacy team, Information Security and other stakeholders as appropriate
- Manage and chair the local Information Security Management Forum (ISMF) and provide linkage with the Information Security Corporate Function