Job Prupose
Under the general direction of the Executive Director, the Data Protection Officer is responsible for ensuring the Agency operates in accordance with the Data Protection Act2020. The incumbent is also responsible for providing technical advice and coordinating all aspects relating to data privacy. S/he will play a critical role in safeguarding the privacy rights of individuals for whom data is held or processed by the CCCJ and will ensure that sensitive data is protected in accordance with the law.
KeyOutputs
• External regulations (Data Protection Act) and internal controls adhered to
• Data Protection framework and strategy developed and implemented
• Data protection impact assessments conducted
• Breaches identified and notifications prepared
• Reports prepared and submitted
• Continuous monitoring conducted
• Adherence/compliance with standards monitored
• Governance and accountability mechanisms evaluated and recommendations made
• Research and analysis conducted and findings documented
• Continuous improvement strategies developed and implemented
• Advice and recommendations provided
• Sensitization sessions conducted
Key Responsibility Areas:
Technical/ProfessionalResponsibilities
• Implementing measures and a privacy governance framework to manage data use in compliance with the Data Protection Act, including developing templates for data collection, and assisting with data mapping
• Ensuring that the Council of Community Colleges of Jamaica (CCCJ) processes personal data in compliance with the data protection standards and the Data Protection Act and good practice
• Consulting with the Office of the Information Commissioner (OIC) to resolve any doubt about how the provisions of the Data Protection Act and any Regulations made thereunder are to be applied
• Ensuring that any contravention of the data protection standards or any provisions of the Data Protection Act by the CCCJ is dealt with in accordance with the provisions of the Data Protection Act
• Keeping abreast of Jamaica Data Protection laws and regulations, and industry best practices and international laws including the European Union’s General Data Protection Regulations (GDPR), Electronic Privacy Act and other international data protection laws.
• Notifying in writing, the Data Controller of any contravention of the data protection standards or any provisions of the Data Protection Act
• Investigating and responding to data security breaches or security incidents promptly, ensuring appropriate notices are provided to the regulatory authorities, affected individuals, and other relevant parties as required by law
• Reporting any contravention by CCCJ of the data protection standards or any provisions of the Data Protection Act to the OIC, if the contravention is not rectified within reasonable time after the notification
• Assisting data subjects in the exercise of their rights under the Data Protection Act, in relation to the CCCJ
• Developing internal policies and procedures related to the processing of personal data
• Making recommendations for the appropriate organisational and technical measures to
ensure the security of personal data
• Serving as the primary contact for the OIC on issues relating to the processing of data, and to consult, where appropriate, with regard to any other matter
• Developing and implementing Standard Operating Procedures (SOPs) for addressing all complaints pertaining to the CCCJ’s privacy policies and procedures
• Providing advice/information to the CCCJ and its employees on their obligations under the Data Protection Act and state data protection provisions
• Managing and conducting ongoing reviews of the CCCJ’s Data Protection Framework.
• Disseminating current information on policies, procedures and legislation for the CCCJ’s staff to be aware as well as to promote the quality culture
• Developing and implementing approved certification mechanisms to exhibit compliance
• Monitoring and evaluating recommendations implemented for addressing weakness and deficiencies in relation to the processing of personal data
• Preparing reports and presentations on analysis and findings
• Conducting a data protection Impact Assessment in respect of all personal data in the custody or control of the CCCJ
• Conducting periodic assessments to identify potential risks, gaps, or breaches in data protection and develop strategies to mitigate these risks.
• Conducting sensitization sessions for staff on the components of the Data Protection Act, Regulations and policies
• Collaborating with the CCCJ’s ICT Division in the maintenance of a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications and responding to subject access requests
• Collaborating with the relevant officers from the Internal Audit Unit, Legal Services Unit and other key stakeholders to monitor, implement and analyse compliance programme
• Participating in the collection of data, analysis and reports on key performance measures
• Providing responses to comments and queries from data subjects in relation to the processing of personal data
• Providing regular reporting to the Executive Director and the Executive Team of the CCCJ on data protection activities, compliance status and emerging privacy risks
• Monitoring changes to local privacy laws and makes recommendations where necessary the relevant data privacy and protection law, regulation and policy
• Participating in the collection of data, analysis and reports on key performance measures
• Providing responses to comments and queries from data subjects in relation to the processing of personal data
PerformanceStandards
• External regulations (Data Protection Act) and internal controls adhered to within accordance with legislative framework.
• Data Protection framework and strategy developed and implemented within accordance with legislative Framework
• Data protection impact assessments conducted within agreed timeframes
• Breaches identified and notifications prepared within agreed timeframes
• Reports prepared and submitted within agreed timeframes
• Continuous monitoring conducted within accordance with legislative framework
• Adherence/compliance with standards monitored within accordance with legislative framework
• Governance and accountability mechanisms evaluated and recommendations made
• Research and analysis conducted and findings documented within accordance with legislative framework
• Continuous improvement strategies developed and implemented within accordance with legislative Framework
• Technical advice and recommendations provided within agreed timeframes
• Sensitization sessions conducted within agreed timeframe
Contacts
Internal
| Contact (Title) | Purpose of Communication |
| Executive Director | To receive and provide guidance and technical advice |
| Internal Audit | To provide technical advice and guidance |
| Technological Services Division | To provide technical advice and guidance |
| Department/Divisional Heads | To provide technical advice and guidance |
| All Staff members | To provide technical advice and guidance |
External
| Contact (Title) | Purpose of Communication |
| Office of the Information Commissioner | To obtain and share information relating to the administration of the act |
| Ministries, Departments & Agencies | To receive and provide information, consultation |
| Regional/International Partners | To receive and provide information |
| Members of the Public | To receive and provide information |
Required Competencies
Core
• Excellent oral and written communication
• Excellent presentation skills
• Excellent analytical, judgment, decision making and problem-solving skills
• Excellent planning and organizing skills
• Excellent interpersonal skills to foster harmonious working environment
• Strong Customer Service and quality focus skills
• High level of integrity and confidentiality
Technical
• Sound knowledge of applicable laws, policies, regulation and procedures
• Good knowledge of auditing techniques and practices
• Good knowledge of risk management techniques and strategies
• Knowledge of Corporate Governance Framework for Public Bodies in Jamaica
• Good knowledge and understanding of GOJ policies and programmes an the machinery of government
• Understanding data management and information security principle, including encryption, access controls and risk management
• Good critical reasoning, quantitative and qualitative analysis skills
• Knowledge of change management principles and practices
• Strong environmental scanning, analysis and interpretive skills
• Strong negotiating and persuasive presentation skills
• Experience in conducting data protection impact assessments and developing privacy policies, procedures, and guideline
• Experience with handling data breaches, incidents, and interactions with the Office of the Information Commissioner
• Proficiency in the use of the relevant computer applications
Minimum Required Education and Experience
• Bachelors’ degree in Computer Science, Audit or equivalent qualification from recognized tertiary institution
• Certification in Information Security, Data Protection and/or Privacy Certification such as CIPP, CIPT, ISEB, etc. (preferred)
• Exposure to legal training would be an asset
• Sound knowledge of the Data Protection Act and other applicable data protection policies.
• One (1) year related work experience
Authority To:
• Recommend security procedures and maintenance for Data Protection
• Report breaches to the OIC
• Develop and review data protection policies
• Maintain risk and breach register
• Take remedial action for breaches
• Conduct training and sensitization relating to data protection
• Data Protection Security Audits
• Recommends appropriate standards
• Recommends improvements in corporate governance framework
• Recommends changes to regulatory framework
• Access to highly personal confidential and sensitive data/information
Specific Conditions associated with the Job
• Normal office working environment
• May be required to work beyond normal work hours in order to meet deadlines.
• May be required to work on public holidays/weekends
• Possession of a valid Drivers’ Licence and a reliable motor vehicle
REMUNERATION
Salary scale: $4 266 270.00 – $5 737 658.00 per annum
Application, accompanied with resume, should be submitted
No later than Monday, 2026 May 11
to
Manager, Human Resource Management and Development
The Council of Community Colleges of Jamaica
37 East Street
Kingston
Or
Email: hr@cccj.edu.jm
Subject: Data Protection Officer
Please note the tenure is from 2026 May to 2026 October 31 (Subject to the Government of Jamaica Review)
We thank all applicants for expressing interest; however, only shortlisted candidates will be contacted.
This description may not contain every conceivable duty or task associated with the job. The job holder may, from time to time, be required to perform other tasks and activities which are not enumerated but which are reasonably related to the overall purpose of the position.