Job Description:
- Support the Data Protection Officer (DPO) in developing, implementing and maintaining effective internal data privacy policies and procedures in alignment with data protection requirements.
- Monitor regulatory developments in data protection and cybersecurity, disseminate this information to the stakeholders, and assess their impact on business operations.
- Conduct privacy impact assessments and support risk mitigation strategies, including identifying key data privacy risks/weaknesses and recommending ways to enhance procedures in order to improve operational efficiency.
- Develop privacy compliance strategies in line with data protection and cybersecurity laws and regulations to mitigate the Corporation's exposure to privacy risk.
- Collaborate with stakeholders in reviewing existing internal controls and processes related to data privacy to ensure that any identified gaps are being addressed.
- Review and assess third-party relationships that pose higher risk for data privacy.
- Assist the DPO in responding to data subject requests and regulatory inquiries.
- Coordinate/conduct investigation and assessment of personal data breach incidents for reporting to the relevant authorities.
- Work closely with stakeholders to ensure appropriate technical and organizational measures for data protection.
- Develop and implement appropriate data privacy training for employees, senior management and directors of the Corporation.
- Assist the DPO in providing guidance and attending to queries on data privacy matters, providing advisory support for informed decision making.
- Support the privacy champions in each division in their execution of data privacy strategies.
- Assist the DPO in preparing data privacy reports and updates to relevant management committees and board committees.
- Perform miscellaneous job-related duties as assigned by the Head, Compliance & Integrity from time to time.
Job Requirement:
Qualification: Candidate must possess at least a Bachelor's Degree in Law/Banking/Finance or equivalent field.
Experience: At least 7 years of working experience in regulatory compliance. Extensive experience in handling customer data or PDPA-related advisory and/or policies.
Knowledge: Knowledge of PDPA 2010 and cybersecurity-related requirements is a MUST.