Data Protection Manager (Banking)
About the job
The Data Protection Manager will oversee and ensure the Bank's full compliance with the Personal Data Protection Act (PDPA), Bank Negara Malaysia regulatory requirements, and internal data governance policies. The role will act as the Bank's designated Data Protection Officer (DPO) and serve as the primary point of contact for regulators, customers, employees, and third parties on all data protection and privacy matters.
Key Responsibilities
- Ensure full compliance with PDPA and applicable regulatory requirements issued by Bank Negara Malaysia including Risk Management in Technology (RMiT), Outsourcing Policy, and Management of Customer Information guidelines.
- Establish, implement, and continuously enhance a bank-wide data protection and privacy governance framework aligned with regulatory and industry standards.
- Develop and maintain policies covering data ownership, classification, data lifecycle management, data quality, and privacy governance.
- Partner with IT Risk, IT, Compliance, and Business Units to embed data protection controls into systems, processes, and projects.
- Monitor and report on compliance with relevant frameworks including MAS TRM, Basel guidelines, GDPR, PCI DSS, and ISO 27001 standards.
- Support internal and external audits, coordinate compliance reviews, manage regulatory submissions, and ensure timely closure of findings.
- Drive organization-wide data protection awareness initiatives and conduct training programs to strengthen data governance culture.
- Oversee data privacy incident management, ensure timely resolution, and prepare governance reports and dashboards for management committees and board sub-committees.
Requirements
- Bachelor's degree in Risk Management, Information Security, Law, IT, or related discipline. Master's degree or MBA is an advantage.
- 5–8 years of experience in data protection, compliance, IT governance, IT risk, or data management roles, preferably within banking or financial services.
- Strong understanding of PDPA, Bank Negara Malaysia regulations (RMiT, Outsourcing Policy), MAS TRM, Basel standards, GDPR, and ISO frameworks.
- CDMP, DCAM, CIPP, CIPM, CISSP, CISM, ISO 27001 Lead Implementer or Auditor certifications.
- Proven experience in developing governance frameworks, regulatory inventory tracking, and risk oversight reporting.
- Strong ability to assess regulatory impact, identify compliance gaps, and implement corrective actions.
- Excellent communication and influencing skills with experience engaging senior management, board committees, and regulators.
- High integrity, strong organizational skills, ability to handle confidential information, and capable of working independently with minimal supervision.