Data Protection and Privacy
Summary
The Assistant Manager, Data Protection & Privacy will support the implementation and operationalisation of the Bank’s data protection and privacy program. This position will ensure compliance with relevant data protection laws and regulations (MCIPD, PDPA, etc.) and internal policies. The role involves assessing and governing processes and solutions related to data handling, processing, and security, contributing to the overall maturity of the bank's data privacy posture.
Duties and Responsibilities
Program Implementation and Operational Support:
- Assist in the day-to-day operations of the data protection and privacy program.
- Support the implementation and maintenance of data privacy policies, procedures, and standards.
- Participate in data protection impact assessments (DPIAs) and privacy risk assessments.
- Assist in the development and delivery of data privacy training and awareness programs.
- Maintain accurate records of data processing activities and compliance efforts.
- Support the handling of data subject requests (e.g., access, rectification, erasure).
- Assist in the management of data breach incidents and investigations.
- Monitor and track compliance with data protection requirements across the organization.
- Assist in conducting continuous improvement of Data Loss Prevention (DLP) policy rules and control effectiveness reviews.
Process and Solution Assessment & Governance:
- Evaluate existing and proposed business processes and technology solutions for compliance with data protection principles.
- Conduct privacy reviews of new and existing systems, applications, and data flows.
- Assess third-party vendors and service providers for data protection compliance.
- Contribute to the development and implementation of data governance frameworks and controls.
- Assist in the development of data mapping and data inventory processes related to data protection and privacy scope.
- Support the implementation of privacy-enhancing technologies (PETs) and data anonymization techniques.
- Provide guidance and support to business units on data protection best practices.
- Collaborate with IT security, legal, and compliance teams to ensure alignment on data protection initiatives.
- Contribute to the development of data retention and disposal policies.
Compliance Monitoring and Reporting:
- Monitor changes in data protection laws and regulations and assess their impact on the bank.
- Assist in the preparation of compliance reports and presentations for management.
- Assist in periodic reviews to assess the effectiveness of data protection and privacy controls.
- Track and report on key performance indicators (KPIs) related to data protection and privacy.
- Support the preparation for and response to regulatory audits and inquiries.
- Collaborate with IT Security teams to ensure the implementation of strong data security controls.
Qualification
Bachelor’s degree in Computer Science, Information Technology, Law, Business Administration or a related field.
Years of Experience
3 or more years of experience in any of the required disciplines: data protection, privacy, compliance, or a related field.
Specific Skills/ Knowledge and Certification Required
Knowledge of relevant data protection laws and regulations, i.e., PDPA.
Understanding of data governance principles and practices.
Experience in conducting privacy risk assessments and DPIAs.
Familiarity with data security concepts and technologies.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal skills.
Ability to work independently and as part of a team.
Strong verbal and written communication skills, and the ability to engage various stakeholders.
Experience in the financial services industry is a plus.