
somnomed philippines

Compliance Officer for Privacy

1-5 Years
  • Posted 16 hours ago

Job Description

Company and Position Summary

SomnoMed, a public company listed on the Australian Securities Exchange, is the global leader in innovation, design, manufacturing and selling of custom made, approved and clinically validated medical devices for the treatment of Obstructive Sleep Apnea via oral appliances. SomnoMed's products, teams, processes and systems all aim at helping people across the globe sleep better, and live longer, healthier lives. Hundreds of thousands of patients worldwide have already benefited from this assistance to navigate the diagnosis of Obstructive Sleep Apnoea and the oral device treatment pathway to successful outcomes.

The Compliance Officer for Privacy supports the organization in meeting its obligations under the Philippine Data Privacy Act of 2012 (RA 10173) and maintaining alignment with international privacy and information security standards, including GDPR and ISO/IEC 27001. Working closely with the Data Protection Officer, this role contributes to the implementation, monitoring, and continuous improvement of the company's privacy governance and data protection framework across all business units.

The role is responsible for supporting privacy compliance activities, maintaining key privacy documentation, monitoring regulatory adherence, and embedding privacy-by-design principles into systems, processes, and projects. It also provides support in privacy risk management, audits, and incident response, including coordination and regulatory reporting where required.

This position suits a detail-oriented and collaborative professional who can work effectively with IT, HR, Legal, and Operations teams. The Compliance Officer for Privacy serves as a trusted partner to internal stakeholders, helping ensure personal data is handled responsibly, securely, and in accordance with legal and regulatory requirements.

This role will report directly to the Data Protection Officer (DPO) and work closely with IT, security, and compliance teams to maintain an effective and sustainable data privacy compliance program.

  • Support the implementation and day-to-day compliance of SomnoMed's privacy program in line with the Philippine Data Privacy Act (RA 10173) and guidance from the National Privacy Commission.
  • Assist the Data Protection Officer (DPO) in maintaining and strengthening the organization's privacy governance framework.
  • Maintain core privacy documentation, including PIAs, ROPAs, DPAs, DSAs, consent forms, and privacy notices.
  • Monitor personal data processing activities to ensure compliance with regulatory and internal requirements.
  • Support the application of privacy-by-design and privacy-by-default principles across systems, processes, and initiatives.
  • Assist in developing and updating privacy policies, procedures, and internal guidelines.
  • Ensure privacy records and documentation are audit-ready.
  • Help identify, assess, and mitigate privacy risks related to personal and sensitive personal information.
  • Support implementation of privacy controls aligned with best practices (e.g. GDPR awareness, ISO/IEC 27001 alignment).
  • Participate in privacy audits, internal reviews, and regulatory readiness activities.
  • Assist the DPO in managing privacy incidents, including investigation, documentation, and stakeholder coordination.
  • Support preparation of regulatory notifications and reports when required.
  • Work with IT, HR, Legal, Procurement, and Operations to embed privacy requirements into systems, vendor engagements, and operations.
  • Maintain registers of data processing activities, third-party processors, and data sharing arrangements.
  • Prepare privacy compliance reports and summaries for management and governance forums.
  • Support regulatory submissions and documentation to the National Privacy Commission, as applicable.

Qualifications:

  • 13+ years experience in data privacy, compliance, risk management, information security governance, or regulatory compliance roles.
  • 2+ years hands-on experience supporting compliance with the Republic Act No. 10173, including familiarity with regulatory guidance from the National Privacy Commission.
  • Experience in developing and maintaining privacy compliance documentation such as: Privacy Impact Assessments (PIA), Records of Processing Activities (ROPA), Data Processing Agreements (DPA), Data Sharing Agreements (DSA), Privacy notices and consent documentation.
  • Exposure to international privacy frameworks including the General Data Protection Regulation principles and cross-border data protection considerations preferred.
  • Familiarity with information security governance frameworks such as ISO/IEC 27001 desirable.
  • Experience coordinating privacy compliance activities with cross-functional teams such as IT, HR, Legal, and Operations.
  • Experience supporting internal audits, compliance assessments, or regulatory reporting processes desirable.
  • Strong documentation, reporting, and policy development capabilities preferred.


Job ID: 145243129