Client Background:

Largest registrar and transfer agency and a market leader in the financial sector providing investor servicing. Our operations are spread across 180+ branches in India and 13 countries globally, namely Canada, USA, Oman, India, Malaysia, United Kingdom, UAE, Maldives, Singapore, Australia, Hong Kong, Philippines, and Bahrain. With over 100 million key investor accounts, we reach out to 3500+ issuers including banks, PSUs, and mutual funds. All this is possible with a diverse and robust workforce of 5,500+ experienced professionals who hail from various disciplines.

Industry: Fintech

Location: Kuala Lumpur

Headcount: 1

Tenure: Permanent

Remuneration: Basic + Medical benefits

Minimum Skills or expertise:

· Knowledge of the Malaysia Act 709, requirement under the law data protection practices in the country (including any other applicable data protection laws, where relevant).

· Understanding of the data controller or data processor’s business operations and the personal data processing operations that are carried out.

· Understanding of information technology and data security.

· Personal qualities such as integrity, understanding of corporate governance and high professional ethics.

· Ability to promote data protection culture within the organization.

· Excellent Communication skills to communicate to the regulators on behalf of company

· Should execute other official duties and responsibilities or perform additional tasks as part of his job scope, such as a Legal Counsel, Risk Champion etc.

Description of Roles and Responsibilities

· Experience in Data Privacy matters both as a Data controller and Data Processor

· The DPO shall adopt a risk-based approach in assessing risks from the processing operations, considering the nature, scope, context and purposes of the processing. He/ She shall also coordinate and cooperate with relevant internal and external stakeholders as necessary.

· Lead and collaborate in the formulation of policies related to collection and processing of personally identifiable information, based on the Malaysia Personal Data Protection Act.

· Implement and monitor the data privacy policies and associated processes across applicable functions and business units.

· Advising business functions and delivery units regarding different laws, regulations and related instruments, as well as industry standards and certifications for ensuring adequate compliance with personal data protection requirements.

· Creating awareness and conducting training regarding the requirements under Act 709 applicable to its personal data processing activities

· Support the business functions and delivery units in complying with Act 709 and other related data protection laws including staying informed of data processing risks affecting the data controller or data processor.

i. collect information to identify the processing operations, activities, measures, policies or systems of the data controller or data processor and maintain a record thereof.

ii. advise and oversee the implementation of security measures to protect personal data from unauthorized access, disclosure, alteration or destruction, in line with both legal requirements and internal security policies.

iii. advise the business and delivery functions on the potential risks and impacts that may arise from the business practices.

iv. consider the adoption of Privacy accreditations or certifications to demonstrate the

personal data processing standards implemented by the data controller or data processor.

v. advise the data controller or data processor on the necessity of executing binding

agreements with third parties (e.g. data transfer agreements, sub-processing agreement

etc.).

· Assess the development and enhancements of internal processes & systems through Privacy Impact assessments and recommend privacy related controls.

· Lead the data breach handling process for effective addressal of related privacy gaps (if any) reported, in the current process & systems.

· Manage the process related to personal data access requests from individuals.

· Assess subcontracting/outsourcing of any processing of personally identifiable information and recommend privacy related controls (including inclusion of appropriate clauses in the vendor contract.

· Liaison with external Privacy and Data Protection Counsel for expert views and audits.

· Privacy by Design for products and platforms

· Conduct privacy compliance checks for clients, internal solutions and processes Review and respond to client privacy requirements

· Ensure proper data breach and security incident management by assisting business and delivery units to prepare, process and submit reports and other documents required by the

· Commissioner in respect of personal data breaches, within the prescribed periods; and such additional responsibilities that the Commissioner or the company may include from time to time (e.g. because of technological developments).

· Act as a facilitator and point of contact between data subjects and company regarding the processing of the data subject's personal data and their rights.

· Act as the liaison officer and the main point of reference between company and the Commissioner

· Facilitate access to documents and information during inspections or investigations into the personal data processing activities of the data controller or data processor conducted by the Commissioner.

· Prepare and submit information required by the Commissioner on any personal data breaches, in accordance with prescribed timelines.

· Represent company in industry engagement sessions or program organized by the Commissioner.

OTHER QUALIFICATIONS & CERTIFICATIONS -

· Quick Learner.

· Excellent Business Communication.

· Privacy & Security Certifications such CIPP (US/EU/IT/ Asia) or any other equivalent certifications are desired but not mandate

· Educational qualifications: minimum Degree or above in Law/ related studies

· Minimum 5 years’ experience