Develop, implement, and maintain the organisation’s data protection framework, policies, and procedures.
Ensure compliance with PDPA 2010 and other applicable data protection laws, regulations, and guidelines.
Act as the primary point of contact for data subjects, regulators (such as the Department of Personal Data Protection Malaysia), and other stakeholders on data protection matters.
Provide advice and guidance to management and staff on data protection obligations, risk mitigation, and privacy best practices.
Conduct regular privacy impact assessments and risk assessments on business processes, new projects, and third-party engagements.
Manage data incidents and breaches, including investigation, reporting, and remediation actions.
Oversee data protection awareness and training initiatives for employees and relevant stakeholders.
Maintain records of data processing activities in accordance with regulatory requirements.
Monitor regulatory developments and update internal policies and practices as necessary.
Collaborate with legal, compliance, IT security, and operational teams on data protection issues.
Job Requirements
Bachelor’s Degree in Law, IT, Business Administration, or a related field.
Relevant professional certifications (local or international) will be an added advantage.
Minimum 3-5 years of relevant experience in data protection, privacy, compliance, or risk management.
In-depth knowledge of PDPA 2010 and understanding of international data privacy frameworks (e.g. GDPR) preferred.
Strong analytical, problem-solving, and organisational skills.
Excellent written and verbal communication skills in English, Bahasa Malaysia and Mandarin.
Ability to work independently and manage multiple priorities.
High level of integrity, discretion, and professional ethics.