Senior Data Privacy Analyst

The successful candidate will report to Data Privacy Officer. S/he will collaborate with project/operation/client teams and first/second/third lines of defence to ensure all applicable regulatory requirements (e.g., from data protection laws) are fulfilled, the data governance and management framework is complied with, and adequate and effective data privacy controls are in place. S/he will review and refine (if required) strategy, policies (including frameworks, guidelines and/or guiding principles) and procedures, data management, tools and organization for data governance and management. In particular, s/he will assess and strengthen (if needed) data privacy controls when reviewing the procedures. S/he will also promote data privacy awareness by designing and delivering the relevant training to data stakeholders. 

The position resides within the Risk and Compliance team, with accountability and responsibility focused on data privacy. The successful candidate will collaborate with other team members with domain expertise on data security, compliance, and operation. Less experienced candidates will be considered as Data Privacy Specialist.

Your Role

• Review the data governance and management framework and update it as required
• Design, oversee and improve privacy management programme controls
• Review processes/procedures, ensure the data governance and management framework is followed, and assess adequacy of data privacy controls
• Conduct sample checking on data privacy controls to ensure they are effective
• Recommend how to strengthen data privacy controls
• Conduct review of the data privacy-related documents
• Perform data classifications based on data definitions in data dictionaries
• Review business justifications for data retention periods, and ensure data housekeeping is in place
• Conduct data privacy risk assessment and propose mitigations
• Perform privacy impact assessment on change requests and implement the required changes (e.g., whether the privacy policy and/or the personal information collection statement require changes)
• Support reporting and management of data privacy incidents, by preparing data breach incident report and drafting data breach notification form
• Incorporate lessons learned from data breach incident to enhance data privacy controls
• Collaborate with auditors to complete privacy impact assessment and privacy compliance audit, and ensure the findings and recommendations are implemented
• Assist in Privacy Commissioner’s investigation and/or inspection (if applicable), and ensure the findings/recommendations/enforcement notice are implemented.
• Review and follow up complaints/reporting of infringement of personal data privacy rights (if any)
• Keep up to date on applicable regulatory requirements, assess and implement all changes needed for fulfilling the requirements
• Support development teams to design and implement data governance tools (e.g., master data management tool for data lineage and data quality)
• Propose agenda, prepare meeting materials, conduct meetings to engage data stakeholders, and follow up action items
• Design training plan, develop training materials, and deliver training to data stakeholders, and improve data privacy training based on the feedback from data stakeholders  

To Succeed in this Role

• University degree holder or above, with a minimum of 5-8 years’ hands-on first line experience in data privacy-related domains/ fields  
• Proven track record in designing, operating, maintaining and optimizing the data governance and management framework and data privacy controls
• Working knowledge and exposure in applicable regulatory requirements (e.g., PDPO and GDPR) is a must  
• Project management skills are a plus
• Strong analytical and problem-solving skills, team-player attitude, well-organised, attention to details, and able to work independently under pressure
• Ability to manage different data stakeholders
• Excellent writing (in English), communication and presentation skills  
• Proficiency in MS applications (e.g., Word, PowerPoint and Excel)