We are seeking a detail-oriented and experienced Compliance Officer to oversee the compliance and governance of Microsoft Teams and Teamflect platforms within our organization. The ideal candidate will ensure that the deployment and usage of these tools adhere to security, regulatory, and internal policy requirements. This role will work closely with different types of university units (e.g., academic faculties, administrative units, and healthcare departments/hospitals) to ensure the platforms are configured and utilized in line with privacy laws, data security standards, and industry-specific regulations.
Key Responsibilities:
- Compliance & Governance: Ensure that the implementation and use of Microsoft Teams and Teamflect are in full compliance with relevant data protection laws, such as GDPR, CCPA, HIPAA, and other applicable regulations.
- Ensure that user roles and access controls within Microsoft Teams are tailored for academic staff, hospital staff, administrative departments, and students, with different levels of access to sensitive information.
- Develop and maintain governance frameworks for the secure use of both platforms, establishing controls around data sharing, document management, and communication.
- Collaborate with IT to define and implement security policies for Teams and Teamflect, including user access, role-based permissions, and audit trails.
- Monitor and ensure compliance with internal policies on data privacy, security, and employee monitoring when using Microsoft Teams and Teamflect.
- Risk Management: Identify potential compliance risks related to the deployment and ongoing usage of Microsoft Teams and Teamflect.
- Perform regular audits and risk assessments to ensure both platforms are operating in accordance with established policies.
- Develop risk mitigation strategies to address vulnerabilities in data handling, access controls, and user activities on the platforms.
- Ensure that any third-party integrations with Microsoft Teams or Teamflect comply with security and privacy requirements.
- Policy Development: Create, review, and update organizational policies that govern the usage of Microsoft Teams and Teamflect.
- Work with all departments to ensure employee feedback, performance reviews, and communications on Microsoft Teams and Teamflect are handled in line with compliance requirements.
- Ensure policies on data retention, archiving, and deletion are enforced on both platforms in alignment with legal and regulatory obligations.
- Training & Awareness: Develop and deliver training programs for employees on compliance best practices when using Microsoft Teams and Teamflect.
- Conduct regular workshops and awareness campaigns to educate staff about privacy, security, and data protection obligations.
- Ensure that users are aware of the compliance risks associated with sharing sensitive information on the platforms and enforce proper communication protocols.
- Incident Response: Lead incident response efforts in case of data breaches or security violations related to Microsoft Teams or Teamflect.
- Work closely with teams to conduct investigations, document findings, and report incidents to regulatory authorities when necessary.
- Implement corrective actions and preventive measures following incidents to avoid future compliance breaches.
- Reporting & Documentation: Maintain detailed documentation of compliance policies, procedures, and incident reports related to Microsoft Teams and Teamflect.
- Generate regular reports on compliance audits, risk assessments, and incident management for senior management and external auditors if required.
- Ensure that all compliance records are up-to-date and readily accessible for internal and external review.
Requirements:
- Bachelor’s degree in Information Technology, Cybersecurity, Law, Business Administration, or a related field.
- 5+ years of experience in compliance, data security, or risk management roles, preferably within IT or HR systems.
- Experience with Microsoft Teams, Teamflect, or similar collaboration and performance management platforms.
- Familiarity with cloud security and governance frameworks for collaboration tools.
- Strong analytical and problem-solving skills, with an ability to identify risks and propose solutions.
- Excellent written and verbal communication skills for policy development and training.
- Compliance certifications such as CIPP, CISM, CISSP, or ISO 27001.
- Experience in conducting audits and risk assessments for cloud-based collaboration platforms.
- Knowledge of HR compliance related to employee feedback, performance reviews, and engagement tools.
- Experience working in regulated industries such as finance, healthcare, or government.
Required Skills
Training Management, Policy Development, Risk Compliance Management, Risk Management, Cyber Security, Data Security,