At Viva, we look for passionate individuals who truly love what they do. Now is the perfect time to join our team! Viva is the lowest-cost, most preferred, fun, and profitable airline in the Americas, operating the youngest fleet in Latin America and ranking among the fastest-growing airlines worldwide. We foster a culture of inclusion, passion, and transparency—breaking traditional norms, redefining the way we work, and committing to excellence in service and passenger safety.
As our Data Protection Manager, you will play a key role in strengthening Viva’s Data Protection and Information Governance framework. You will be responsible for designing, implementing, and maintaining policies, procedures, controls, and risk management practices that ensure compliance with privacy regulations, international standards, and internal governance requirements. This role will partner closely with Audit, Technology, Legal, Compliance, and business teams to protect personal data, mitigate risks, and promote a strong privacy culture across the organization.
Your deliverables will include:
• Design, implement, and maintain Viva’s Data Protection framework, including policies, procedures, controls, and governance mechanisms.
• Develop and maintain Personal Data Inventories (PDI), data mapping exercises, and Records of Processing Activities (RoPA).
• Lead Privacy Impact Assessments (DPIAs) and data protection risk assessments, identifying mitigation plans and control improvements.
• Ensure alignment with applicable privacy regulations and frameworks, including the Mexican Federal Law on Protection of Personal Data, GDPR, and ISO 27701.
• Collaborate with Technology, Audit, Compliance, Risk, and business stakeholders to strengthen privacy controls and data governance practices.
• Support the implementation and continuous improvement of information security, privacy, and internal control frameworks.
• Coordinate cross-functional initiatives and projects related to privacy, data governance, and regulatory compliance.
• Monitor, assess, and report privacy-related risks, control effectiveness, and remediation activities.
• Promote awareness and best practices related to data protection and privacy across the organization.
What are we looking for?
• 7+ years of experience in Data Protection, Information Security, IT Audit, Internal Controls, Risk Management, or related areas.
• Proven experience implementing and maintaining Data Protection frameworks under ISO 27701.
• Strong knowledge of privacy regulations and governance frameworks such as GDPR, ISO 27701, ISO 27001, COSO, COBIT, ITIL, and NIST.
• Experience conducting privacy assessments, data mapping, RoPA documentation, and risk evaluations.
• Solid background in IT Audit, Information Security controls, Internal Controls, or compliance functions.
• Experience leading cross-functional projects and collaborating with senior stakeholders across the organization.
• Experience working within highly regulated industries such as aviation, financial services, telecommunications, energy, or consumer goods is highly preferred.
• Advanced English.
Education:
• Bachelor’s degree in Information Systems, Computer Science, Industrial Administration, Engineering, or a related field.
• Postgraduate studies in Data Protection, Information Security, Risk Management, Audit, or related disciplines are required.
Preferred Certifications:
• CIPP, CISA, CIA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor, CDPSE, or other relevant Data Protection and Information Security certifications.
