Responsibilities

• Act as the primary point of contact within DATA X for members of staff, regulators, and any relevant public bodies on issues related to data protection, providing support as the Data Protection Officer across SCBX
• Engage in regular dialog with regulators overseeing data privacy and data protection areas to understand current issues and concerns, and align DATA X’s data protection management program with regulatory needs
• Develop and review a Data Protection Management Programme (DPMP) that covers policy, processes, and people for the handling of personal data at each stage of the data lifecycle
• Enhance compliance processes based on an evaluation of gaps in DATA X’s business operations and data protection requirements, and clarify ethically questionable situations at various stages of data or information life cycle
• Ensure that DATA X and all subsidiaries of SCBX’s policy is in accordance with Personal Data Protection Act ("PDPA") and codes of practice
• Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues for DATA X and SCBX Subsidiaries
• Coordinate, harmonize and present outcomes to SCBX’s Group Data Privacy Committee
• Proactively conduct audits to ensure compliance and address potential issues
• Provide expert advice and educate employees on important data protection compliance requirements (e.g. development of new data services)
• Devise training plans and provide data protection advice and support for members of staff across DATA X and all subsidiaries of SCBX
• Inform and advise the Data Controller or Data Processor on all matters related to data protection
• Partners with the Data Governance Office to ensure data compliance
• Promote a culture of data protection compliance across all units of DATA X
• Maintain records of all data processing activities carried out by DATA X

Qualifications

• Bachelor’s or Master’s Degree in Law, Technology or related fields.
• Experience within a legal, compliance, audit and/or risk function department, with experience in dealing with Data Protection issues
• Have significant hands-on privacy experience and expert knowledge of data protection law and practice for the purposes of implementing PDPA mandates
• Experience with managing regulatory engagement
• Strong project management skills
• Ability to work well under pressure and manage sensitive and confidential information
• Excellent verbal and written communication skills, with strong attention to detail
• Ability to communicate complex privacy-related concepts and requirements in simple terms, including being able to translate regulator recommendations into internal guidelines and other documentation
• Understand DATAx's mission and core operations, specifically its processing operations, information systems, and data security and data protection needs
• Keep abreast of changes in law and technology that may change the threat landscape and, as a result, change DATAx's exposure to risk

Core Competencies

• Data Protection Management – demonstrate the ability to design DATA X’s Data Protection management program in accordance with legal requirements
• Business Risk Management – Able to forecast and assess existing and potential data risks which impact the operation and/or profitability of DATA X as well as the development and roll out organization-wide strategies and processes to mitigate risks
• Cyber and Data Breach Incident Management – Able to detect and report cyber and data-related incidents to drive effective resolution
• Integrity – use your strong ethical compass to navigate what are often uncharted territories

Recruiter

Poranee