Job Summary

The Group Legal Counsel, Corporate Secretary and Data Protection Officer (DPO) is a senior executive role responsible for providing comprehensive legal advisory services, corporate governance oversight, and institution-wide leadership for data protection and privacy compliance across the University of the Commonwealth Caribbean (UCC) and its subsidiaries.

The role ensures full compliance with all applicable laws and regulations, including the Data Protection Act, Cyber Crime Act, and relevant corporate, commercial, employment, and regulatory requirements. The incumbent safeguards the legal, reputational, and data integrity interests of the University while supporting strategic decision-making, operational efficiency, and institutional accountability.

Key Responsibilities and Accountabilities

Legal Advisory and Representation

• Provide comprehensive legal support and advisory services to the University and its subsidiaries.
• Initiate, manage, and oversee legal proceedings, including preparation of pleadings, briefs, submissions, and defences.
• Prepare and review contracts, memoranda of understanding, notices, circulars, correspondence, and other legal instruments.
• Review procurement, maintenance, partnership, grant, and international collaboration contracts for compliance with University and Government of Jamaica requirements.
• Provide ongoing advice on statutory and regulatory compliance affecting institutional operations.
• Conduct legal research and advise executive leadership on legal risks, policy implications, and regulatory developments.
• Support dispute resolution, negotiations, and settlements as required.

Corporate Governance and Secretariat Functions

• Serve as Corporate Secretary to the University and its subsidiaries.
• Ensure compliance with corporate governance frameworks, statutory filings, and board requirements.
• Prepare, review, and maintain official governance documents, including minutes of Council, Board, and Committee meetings.
• Support institutional policy development, review, and amendment.
• Ensure official records and documents are compliant, complete, and properly archived.

Data Protection and Privacy Oversight (Data Protection Officer Functions)

• Act as the designated Data Protection Officer for the University.
• Ensure compliance with the Data Protection Act, Cyber Crime Act, and applicable data privacy regulations and standards.
• Maintain and periodically review the University’s Data Protection Governance Framework, policies, and action plans.
• Advise executive leadership on data protection obligations, risks, and compliance strategies.
• Serve as the primary liaison with the Office of the Information Commissioner and other regulatory authorities.
• Conduct and oversee Data Protection Impact Assessments (DPIAs) for new systems, projects, and initiatives.
• Monitor day-to-day data protection compliance across campuses and departments.
• Investigate and manage data breaches, incidents, and remediation actions.
• Collaborate with Human Resources, IT, Registry, Marketing and Communications, and other units to enforce secure data handling, document management, archiving, and digitisation standards.

Training, Awareness and Monitoring

• Design and deliver legal compliance, data protection, and privacy training for staff, students, and stakeholders.
• Promote a culture of compliance, accountability, and ethical data handling across the institution.
• Conduct periodic legal and data privacy audits and compliance reviews.
• Prepare reports and provide updates to executive leadership and governing bodies on legal and data protection matters.

Qualifications and Experience

• Bachelor of Laws (LL.B.) and Certificate of Legal Education (CLE).
• Master’s degree in Law, Information Security, Compliance, Audit, or a related field is an asset.
• Minimum of five (5) years’ experience as a practising attorney in corporate, commercial, business/contract, tort, conveyancing, and regulatory law.
• Minimum of three (3) years’ experience in data protection, compliance, records management, or information governance.
• Data protection or privacy certification (e.g., CIPP, CIPM, CIPT) is highly desirable.

Core Competencies

• High ethical standards, integrity, and sound professional judgment.
• Strong knowledge of corporate governance, regulatory compliance, and data protection law.
• Excellent analytical, research, negotiation, and problem-solving skills.
• Strong knowledge of commercial, business, and contract law principles and practices.
• Working experience in conveyancing law and practice.
• Knowledge of civil and criminal law procedures.
• Strong organisational, leadership, and stakeholder management capabilities.
• Exceptional written and oral communication skills.
• Ability to manage highly sensitive and confidential information.

Terms of Reference

• Initiate and pursue legal proceedings on behalf of the University, including writ preparation, defences, submissions, and pleadings.
• Prepare briefs, witnesses for pre-trial matters and hearings, and management updates on statutory amendments.
• Review procurement and maintenance contracts for compliance with University and Government standards.
• Provide continuous advice on statutory compliance.
• Draft and review legal documents, reports, and official correspondence.
• Review contracts relating to international partners, grants, and collaborative projects.
• Contribute to institutional policy formulation, implementation, and amendment.
• Review official documents for compliance and completeness.
• Provide legal advice on operational and governance matters.
• Conduct legal research and advise executive leadership accordingly.
• Perform other related legal duties as assigned.