Data Protection Officer
GAMUDA
Gamuda Berhad is looking to recruit an experienced Data Protection Officer (DPO) to meet its obligations under the European Union (EU) General Data Protection Regulation (GDPR) and the PDPA. Reporting to the Head of IT Governance & Compliance, the statutory DPO will monitor compliance and data practices internally across Gamuda Group to ensure the business and its functions comply with the applicable requirements under the GDPR, PDPA and other related laws. The DPO will be responsible for staff training, data protection impact assessments, and internal audits. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization. Other responsibilities include advising on, advocating for and ensuring a sustainable, comprehensive, detailed and customizable roadmap to facilitate security and resiliency and to support business demands.
Key Responsibilities
In this role, you will work closely with the Legal, Group IT, Compliance, and Governance teams at Gamuda Group to ensure compliance with data privacy laws like GDPR, PDPA, and others. Key responsibilities include:
- Implementing privacy governance frameworks and managing data use in compliance with relevant laws.
- Developing and maintaining data protection policies, processes, and tools.
- Reviewing projects and conducting privacy impact assessments to ensure legal compliance.
- Serving as the main point of contact for employees, regulators, and authorities on data protection matters.
- Setting global data privacy standards and ensuring compliance with local regulations.
- Delivering privacy training to various business units and promoting a culture of compliance.
- Conducting privacy audits and collaborating with Information Security to maintain data asset records and manage security incidents.
- Drafting, updating, and reviewing internal data policies and guidelines.
- Ensuring compliance with data privacy laws in IT systems and collaborating with privacy attorneys for local law advice.
- Assisting with ISO 27001 compliance checks and providing advisory on IT and governance issues.
- Performing additional duties as assigned, with some domestic and international travel required.
-
- At least 5-10 years' experience in Data Governance, Data Protection Compliance or a related field.
- Experience in Governance, IT Governance & compliance, IT Audit or Information Security, legal, risk function or privacy compliance.
- Minimum Bachelor's Degree in Legal, Computer Science, Information Technology, Computer Engineering or its equivalent in an IT-related field.
- Candidates holding ISACA CISA, CGEIT, ISO Lead Auditor, CRISC, CISSP, CIPT or CIPP certifications are preferred
- Broad understanding of audit, control and security standards (e.g. COSO, COBIT, ISO, ITIL, NIST)
- Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide
- Exceptional communication, problem solving and cross group collaboration skills
- Good command of written and spoken English
- Ability to present ideas in business friendly and user-friendly language
- Ability to prioritize, track and manage a large number of divergent tasks and action items
- Ability to influence in a team oriented, collaborative environment
5-10 years experience