Regional Personal Data Specialist (1 Year Contract)Part-time
Office Location: Malaysia
About Carousell Group
Carousell Group is the leading multi-category platform for secondhand in Greater Southeast Asia on a mission to make secondhand the first choice.
Founded in August 2012 in Singapore, the Group has a leading presence in seven markets under the brands Carousell, Carousell Media Group, Cho Tot, Laku6, LuxLexicon, Mudah.my, OneShift, REFASH and Revo Financial, serving tens of millions of monthly active users.
Carousell is backed by leading investors including Telenor Group, Rakuten Ventures, Naver, STIC Investments, 500 Global and Peak XV Partners (formerly known as Sequoia Capital India).
As a team of passionate individuals working together to solve meaningful problems, there is so much more for you to discover in a career with Carousell.
Our culture is made up of hiring, developing, and promoting people who embody our values of HEART, which is an acronym for Humility, Empathy, Accountability, Relentlessly resourceful and Teamwork.
Together as an organisation, we make magic happen.
The Legal team is responsible for all legal and compliance aspects of Carousell's operations across all countries where Carousell has a local presence including Malaysia, Hong Kong, Taiwan, Indonesia, Philippines, Singapore and Vietnam.
This role will cover multiple markets.
We are seeking a motivated and commercially aware lawyer to join our legal team as a Junior Legal Counsel.
This role presents an excellent opportunity to contribute to a dynamic and growing organisation by providing practical legal advice that empowers the business to achieve its goals.
What We Offer:
Mentorship and Growth:A supportive team environment with opportunities for professional development and mentorship.
Impactful Work:The chance to contribute to a growing company and gain exposure to diverse legal matters.
Collaborative Culture:A team-oriented approach to problem-solving and achieving business goals.
Responsibilities:
Stay informed of all relevant laws, regulations, and industry best practices relevant to the Group, including tracking legislative changes, regulatory updates, and enforcement actions.
Provide expert guidance on data protection laws and regulations relevant to the Group, including but not limited to the Personal Data Protection Act of Singapore, and other relevant local regulations.
Conduct personal data impact assessments and data protection risk assessments to identify and mitigate potential privacy and security risks.
Develop, implement, and maintain the Group's Personal Data Management Plan, data privacy policies, procedures, and training programs.
Support the incident response process for data breaches and other security incidents, including conducting investigations and implementing corrective actions.
Collaborate with cross-functional teams, including legal, engineering, and product, to ensure personal data protection and security are embedded into all aspects of the business.
Monitor emerging personal data and security threats and trends, and communicate potential impacts to management and relevant stakeholders.
Identify opportunities to improve processes and policies related to data protection and cybersecurity at scale.
Provide support and guidance to internal teams on data protection and cybersecurity best practices.
Contribute to the development and delivery of cybersecurity awareness training programs.
Support customer inquiries and requests related to personal data protection.
Minimum Requirements:
Deep understanding of data protection laws in the APAC region.
A personal data background with a minimum of 3 years of experience in personal data support, a DPO role, privacy consulting, or a similar operational setting.
Privacy Certifications such as CIPP/E, CIPP/A, CIPM.
Experience in developing and maintaining a Personal Data Management Plan.
Customer support experience in a fast-paced and specialised environment with a keen eye for detail.
Ability to assess risk and impact from a privacy and data protection perspective.
Demonstrated ability to enable the growth of an operation or process-heavy team.
Ability to work in a very fast-paced environment.
Ability to identify opportunities to improve processes and policies at scale and communicate emerging risks to management and cross-functional partners.
Expertise in cybersecurity principles and practices.
Experience in risk assessment and mitigation within a personal data and cybersecurity context.
Leadership & Project Management Skills:Able to lead others in the performance of assigned duties.
Experience in managing projects related to regulatory compliance, process improvement, or organisational change.
Business-Oriented:Interest in business operations and a proactive approach to problem-solving.
Effective Communication:Excellent written and verbal communication skills, with the ability to build relationships and explain legal concepts in plain language.
Growth Mindset:Eagerness to learn and develop skills in a fast-paced environment.
Self-starter Mindset:Takes Ownership, has a Bias for Action and never-ending obsession to excel in a lean and fast-paced organisation.#J-18808-Ljbffr