Senior Data Privacy Analyst
The successful candidate will report to Data Privacy Officer.
S/he will collaborate with project/operation/client teams and first/second/third lines of defence to ensure all applicable regulatory requirements (e.g., from data protection laws) are fulfilled, the data governance and management framework is complied with, and adequate and effective data privacy controls are in place.
S/he will review and refine (if required) strategy, policies (including frameworks, guidelines and/or guiding principles) and procedures, data management, tools and organization for data governance and management.
In particular, s/he will assess and strengthen (if needed) data privacy controls when reviewing the procedures.
S/he will also promote data privacy awareness by designing and delivering the relevant training to data stakeholders.
The position resides within the Risk and Compliance team, with accountability and responsibility focused on data privacy.
The successful candidate will collaborate with other team members with domain expertise on data security, compliance, and operation.
Less experienced candidates will be considered as Data Privacy Specialist.
Your Role
Review the data governance and management framework and update it as requiredDesign, oversee and improve privacy management programme controlsReview processes/procedures, ensure the data governance and management framework is followed, and assess adequacy of data privacy controlsConduct sample checking on data privacy controls to ensure they are effectiveRecommend how to strengthen data privacy controlsConduct review of the data privacy-related documentsPerform data classifications based on data definitions in data dictionariesReview business justifications for data retention periods, and ensure data housekeeping is in placeConduct data privacy risk assessment and propose mitigationsPerform privacy impact assessment on change requests and implement the required changes (e.g., whether the privacy policy and/or the personal information collection statement require changes)Support reporting and management of data privacy incidents, by preparing data breach incident report and drafting data breach notification formIncorporate lessons learned from data breach incident to enhance data privacy controlsCollaborate with auditors to complete privacy impact assessment and privacy compliance audit, and ensure the findings and recommendations are implementedAssist in Privacy Commissioner’s investigation and/or inspection (if applicable), and ensure the findings/recommendations/enforcement notice are implemented.Review and follow up complaints/reporting of infringement of personal data privacy rights (if any)Keep up to date on applicable regulatory requirements, assess and implement all changes needed for fulfilling the requirementsSupport development teams to design and implement data governance tools (e.g., master data management tool for data lineage and data quality)Propose agenda, prepare meeting materials, conduct meetings to engage data stakeholders, and follow up action itemsDesign training plan, develop training materials, and deliver training to data stakeholders, and improve data privacy training based on the feedback from data stakeholders To Succeed in this Role
University degree holder or above, with a minimum of 5-8 years’ hands-on first line experience in data privacy-related domains/ fields Proven track record in designing, operating, maintaining and optimizing the data governance and management framework and data privacy controlsWorking knowledge and exposure in applicable regulatory requirements (e.g., PDPO and GDPR) is a must Project management skills are a plusStrong analytical and problem-solving skills, team-player attitude, well-organised, attention to details, and able to work independently under pressureAbility to manage different data stakeholdersExcellent writing (in English), communication and presentation skills Proficiency in MS applications (e.g., Word, PowerPoint and Excel)