Job Summary

• Serve as the main point of contact within the Bank for staff members, regulators, and relevant authorities on issues related to data privacy and protection.
• Ensure that Bank’s policies and procedures are in compliance with codes of practice including QCB and PDPPL.
• Evaluate the existing data privacy and protection governance framework to identify areas of no or partial compliance, and rectify any issues
• Devise training plans and provide data privacy advice to staff members
• Promote a culture of data privacy and compliance across all units of the organization

Key Accountabilities

• Provide expert advice, advising business units on matters pertaining to data privacy and its protection,
• Educate and raise awareness to employees on matters pertaining to data privacy and its protection compliance requirements including data privacy and management, data classification, data handling, data cataloguing, data mapping, data stewardship, data backup up, data retention, disaster recovery, etc.
• Draft new and amend existing Bank’s data privacy policies, notice, guidelines, application forms and procedures, in consultation with key stakeholders to ensure its compliance with date privacy and protection regulations.
• Coordinate with the relevant teams for the disaster recovery and business continuity team to perform the DR and BCP and the communication plan including the QCB.
• Deliver training across all business units to staff members who are involved in data handling or processing.
• Establish a consent and rights management in coordination with the Bank’s stakeholders.
• Assess and monitor the changes in the legal and regulatory landscape of foreign jurisdiction where it has operations and report significant findings to the Bank’s management and QCB.
• Assessing the Bank’s compliance to data privacy and protection requirements as per relevant laws and regulations.
• Assess the contractual efficiency and data privacy and protection controls with the third- parties involved in the personal data privacy handling.
• Maintain records of all data processing activities of the company and oversight the DPIAs.
• Serve as point of contact with data privacy regulators. Liaising between regulators and the Bank in matters pertaining to data privacy and its protection.
• Respond to customers inquires, complaints and breaches in coordination with the internal stakeholders and do the necessary reporting.
• Reporting on the Bank’s data privacy activities and compliance status to the CEO and the relevant Bank’s committees.

Qualifications & Experience

• 7+ years of experience in data privacy and protection and cyber security compliance or related field.
• Expertise in data privacy and protection laws and practices, including deep understanding of GDPR, QCB and PDPPL
• Good knowledge in legal, audit, InfoSec, or risk management role.
• Strong project management skills.
• Strong communication and interpersonal skills
• Ability to work effectively under pressure and to manage sensitive and confidential information
• Relevant certification such as Certified Information Privacy Professional (CIPP) or Certified Information Systems Security Professional (CISSP).

Education

• Bachelor degree or equivalent