Associate Lead- Privacy Strategy and Compliance position plays a pivotal role of leading the implementation of the organization's Privacy Program and upholding compliance with applicable regulations, privacy policies, and procedures. The person must possess strong business acumen, enabling effectively communicate intricate privacy issues and scenarios to business stakeholders in a clear and understandable manner, while also effectively comprehending business needs and translating them into privacy-compliant solutions. The individual should demonstrate expertise in interpreting privacy policies and guidelines into actionable technical requirements, ensuring their implementation with minimal disruption to business operations.
The Job:
- Lead the Privacy Program of Dialog
- Develop and seek necessary approval for Privacy policies, standards, guidelines procedures in line with Dialog and Axiata Group requirement.
- Identify Privacy threats, and associated risk impacting organization.
- Assess the associate business impact and advice management on appropriate controls for risk response.
- Prepare periodic updates to Board of Directors, Board Risk and Compliance Committee and Management on risk status and actions in place in accordance to risk response plan.
- Perform audits to ensure that closure of gaps and in line with privacy compliance expectations.
- Engage with Group, external accessors, and internal stakeholders to conduct the privacy compliance review and obtain certification/audit clearance.
- Manage and track privacy compliance exceptions, assess its risk and update risk register where required.
- Assist business, technology teams to understand Privacy threats that can impact solution deployment.
- Propose test required to be performed prior to system go-live (Privacy by Design Principles, DAST, pen-test, VA scans, Encryption techniques used, etc.)
- Advice team on go and no-go criteria from a Privacy risk perspective.
- Prepare periodic updates to management on Privacy issues impacting launch and actions in place in address issues.
- Advice incident manager and management on business impact of privacy incident
- Engage with legal and regulatory teams to ensure legal liabilities of the organization are managed and corporate communication to send out timely updates to external parties on incident details and response plan.
- Monitor and track the implementation of improvement plans post incident and prepare periodic updates to management on the same.
- Develop annual training and awareness calendar, awareness content addressing risk, targeted training content for high-risk users.