Data Privacy Manager / Analyst

Job Duties

• Review the data governance and management framework and update it as required
• Design, oversee, and improve privacy management programme controls
• Review processes and procedures, ensure the data governance and management framework is followed, and assess the adequacy of data privacy controls
• Conduct sample checking on data privacy controls to ensure they are effective
• Recommend how to strengthen data privacy controls
• Conduct a review of the data privacy-related documents
• Perform data classifications based on data definitions in data dictionaries
• Review business justifications for data retention periods and ensure data housekeeping is in place
• Conduct data privacy risk assessment and propose mitigations
• Perform privacy impact assessment on change requests and implement the required changes (e.g., whether the privacy policy and/or the personal information collection statement require changes) 
• Support reporting and management of data privacy incidents by preparing data breach incident reports and drafting data breach notification form
• Incorporate lessons learned from data breach incidents to enhance data privacy controls
• Collaborate with auditors to complete privacy impact assessment and privacy compliance audit and ensure the findings and recommendations are implemented 
• Assist in the Privacy Commissioner’s investigation and/or inspection (if applicable), and ensure the findings, recommendations, and enforcement notice are implemented
• Review and follow up complaints/ complaints or reports of infringement of personal data privacy rights (if any)
• Keep up to date on applicable regulatory requirements, assess and implement all changes needed for fulfilling the requirements
• Support development teams to design and implement data governance tools (e.g., master data management tool for data lineage and data quality)
• Propose agenda, prepare meeting materials, conduct meetings to engage data stakeholders, and follow up action items 
• Design training plan, develop training materials, and deliver training to data stakeholders; and improve data privacy training based on the feedback from data stakeholders

Education / Qualification

• University degree holder or above

Skills / Knowledge

• Proven track record in designing, operating, maintaining, and optimizing the data governance and management framework and data privacy controls
• Working knowledge and exposure to applicable regulatory requirements (e.g., PDPO and GDPR) is a must
• Project management skills are a plus
• Strong analytical and problem-solving skills, team-player attitude, well-organized, attention to detail, and ability to work independently under pressure
• Ability to manage different data stakeholders
• Excellent writing (in English), communication and presentation skills  
• Proficiency in MS applications (e.g., Word, PowerPoint, and Excel)

Working Experience 

• At least 5-8 years’ hands-on first-line experience in data privacy-related domains/fields