Gamuda Berhad is looking to recruit an experienced Data Protection Officer (DPO) to meet its obligations under the European Union (EU) General Data Protection Regulation (GDPR) and PDPA.
Reporting to the Head of IT Governance & Compliance, the statutory DPO will monitor compliance and data practices internally across Gamuda Group to ensure the business and its functions comply with the applicable requirements under the GDPR, PDPA, and other related laws.
The DPO will be responsible for staff training, data protection impact assessments, and internal audits.
The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.
Other responsibilities include advising on, advocating for, and ensuring a sustainable, comprehensive, detailed, and customizable roadmap to facilitate security and resiliency and to support business demands.
Key Responsibilities
In this role, you will work closely with the Legal, Group IT, Compliance, and Governance teams at Gamuda Group to ensure compliance with data privacy laws like GDPR, PDPA, and others.
Key responsibilities include:
Implementing privacy governance frameworks and managing data use in compliance with relevant laws.
Developing and maintaining data protection policies, processes, and tools.
Reviewing projects and conducting privacy impact assessments to ensure legal compliance.
Serving as the main point of contact for employees, regulators, and authorities on data protection matters.
Setting global data privacy standards and ensuring compliance with local regulations.
Delivering privacy training to various business units and promoting a culture of compliance.
Conducting privacy audits and collaborating with Information Security to maintain data asset records and manage security incidents.
Drafting, updating, and reviewing internal data policies and guidelines.
Ensuring compliance with data privacy laws in IT systems and collaborating with privacy attorneys for local law advice.
Assisting with ISO 27001 compliance checks and providing advice on IT and governance issues.
Performing additional duties as assigned, with some domestic and international travel required.
Qualifications
At least 5-10 years of experience in Data Governance, Data Protection Compliance, or a related field.
Experience in Governance, IT Governance & compliance, IT Audit, Information Security, legal, risk function, or privacy compliance.
Minimum Bachelor's Degree in Legal, Computer Science, Information Technology, Computer Engineering, or its equivalent in an IT-related field.
Candidates holding an ISACA CISA, CGEIT, ISO Lead Auditor, CRISC, CISSP, CIPT, or CIPP certification are preferred.
Skills & Abilities
Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
Exceptional communication, problem-solving, and cross-group collaboration skills.
Good command of written and spoken English.
Ability to present ideas in business-friendly and user-friendly language.
Ability to prioritize, track, and manage a large number of divergent tasks and action items.
Ability to influence in a team-oriented, collaborative environment.