Description and Requirements
Make a Regional Impact in Privacy & Cybersecurity
We're looking for a legally trained professional who thrives at the intersection of privacy, cybersecurity, and technology. In this role, you'll advise business and legal stakeholders across AP-shaping our compliance posture, guiding incident response, and helping design governance frameworks that keep our products and operations resilient. You'll collaborate daily with InfoSec, Product Security, IT, Risk, Legal & Compliance, and business units to embed privacy‑by‑design and strengthen cyber readiness.
You'll be the go‑to counsel for evolving AP regulations-from Singapore's PDPA and Cybersecurity Act to India's DPDPA and CERT‑In directions, Australia's cybersecurity reforms, South Korea's Network Act, and more-translating law into practical guidance for engineers and operators.
What you'll do
Compliance, regulatory monitoring & risk management
- Track developments in AP privacy and cybersecurity laws, with a focus on CII/NCII designation impacts, data localisation, and cross‑border transfers maintain our AP requirements database.
- Map cybersecurity legal obligations across AP and identify practice gaps drive remediation plans.
- Support implementation of ISO 27001 and NIST CSF aligned frameworks help prepare for regulatory inquiries and audits.
Legal advisory on cybersecurity laws
- Interpret and apply key cybersecurity legislation and guidelines, including Singapore's Cybersecurity Act (CII, licensing), Malaysia's Cyber Security Act 2024, India's IT Act/CERT‑In and DPDPA, and relevant sectoral rules.
- Advise stakeholders on licensing obligations for cybersecurity service providers coordinate applications where needed.
- Develop training materials and deliver briefings on AP cybersecurity legal risks and best practices.
Privacy & cybersecurity collaboration
- Partner with product and IT engineering to embed privacy‑by‑design/by‑default advise on data minimization, consent, retention, and access control.
- Review designs/architectures to identify privacy and cyber impacts early document technical & organizational measures protecting personal data.
Contractual & vendor risk
- Draft, review and negotiate privacy and cybersecurity provisions (indemnities, data protection, breach notification, audits).
- Assess third‑party vendor privacy/cyber risks support procurement with DPAs, SCCs/BCRs where applicable.
Incident response & crisis management
- Partner with security teams to investigate suspected or actual incidents.
- Lead breach assessment and regulatory reporting draft communications to regulators, customers and affected individuals as required.
Data privacy program support
- Assist senior privacy counsels with privacy reviews, gap assessments, and managing data localisation risks across AP.
- JD or LLB with 8+ years in cybersecurity‑related legal roles (preferably tech or IT‑led organizations).
- Demonstrated ability to advise across AP markets with strong knowledge of major privacy/cyber laws (Australia, Japan, South Korea, India, Singapore, Malaysia, etc.) and frameworks (ISO 27001, NIST CSF).
- Hands‑on experience with incident response and regulatory engagement.
- Excellent communication and stakeholder management across technical and non‑technical teams.
- Fluency in English (written & spoken) Mandarin is a plus additional AP languages (Japanese/Korean) appreciated.
- Certifications such as CIPP/E, CIPT, CIPM, CISSP (or equivalent).
- Familiarity with IT systems, data architecture, or enterprise data management tools.
- Experience in a multinational environment or global privacy program.
- Proficiency in one additional language (e.g., Mandarin, Japanese, Korean).
