
To oversee and ensure the Bank's full compliance with PDPA, Bank Negara Malaysia regulatory requirements and internal data governance policies and procedures. The Data Protection Manager will act as the Bank's Data Protection Officer and serve as the primary point of contact for data protection matters involving regulators, customers, employees and 3rd parties.
Key Competencies
Strong knowledge of banking regulatory landscape (BNM, MAS, Basel, GDPR/PDPA, ISO standards).
Excellent analytical, problem-solving, and decision-making skills.
Strong written and verbal communication skills with ability to influence senior stakeholders.
Project management and organizational skills.
High integrity and ability to handle sensitive information.
Able to work with minimal supervision.
Key Responsibilities
1. Regulatory Compliance
Ensure compliance with PDPA, its regulations and standards, and relevant BNM requirements, including:
o Risk Management in Technology (RMiT)
o Outsourcing Policy
o Management of Customer Information and Permitted Disclosures
2. Stakeholder & Cross-Functional Engagement
Partner with IT Risk, IT, and Business stakeholders to embed data protection practices.
Provide training and awareness on data protection & governance principles.
Act as a subject matter expert for data protection & governance-related initiatives and projects.
3. Data Protection and Privacy
Establish, review and maintain a bank-wide data protection & privacy / governance framework.
Define policies for data ownership, data quality, data classification, and data lifecycle management.
Drive compliance with data protection and privacy laws (e.g., PDPA, GDPR).
Collaborate with business units and IT to improve data integrity, accuracy, and availability.
Support enterprise data initiatives such as data lakes, analytics, and reporting.
4. Governance & Risk Oversight
Develop and maintain data governance frameworks for cybersecurity, IT risk, and data management.
Ensure adherence to internal policies, regulatory guidelines, and industry standards.
Prepare reports and dashboards for management committees, board sub-committees, and regulators.
Coordinate data governance forums, steering committees, and risk review sessions.
Monitor compliance with applicable banking regulations (e.g., Bank Negara Malaysia RMiT, MAS TRM, GDPR, PCI DSS, ISO 27001).
Support regulatory audits, internal audits, and compliance reviews.
Liaise with regulators on governance and compliance matters.
Ensure timely closure of audit/compliance findings.
Maintain an inventory of regulatory obligations and track adherence.
5. Performance Indicators
Zero major regulatory non-compliance findings relating to data protection & privacy
Timely closure of data privacy incidents
Successful completion of internal and external audits
Qualifications & Experience
Education:
Bachelor's degree in Risk Management, Information Security, or related field.
Master's degree or MBA is an advantage.
Professional Certifications (preferred):
Data Governance / Privacy: CDMP, DCAM, CIPP, CIPM
Security / Risk: CISSP, CISM, ISO 27001 Lead Implementer or Auditor
Experience:
58 years of experience in data protection, compliance, IT governance, IT compliance, risk, or data management roles, preferably in banking/financial services.
Job ID: 142943533