The Lead Data Protection will be responsible for the data privacy & protection functions, data governance, security & audits, privacy controls implementation, privacy risk management & compliance across the group.
- They will maintain companywide programs in a manner that meets our compliance and regulatory requirements, aligns with the business goals and supports the risk posture of the organisation.
- The Lead Data Protection will be responsible for developing privacy strategies to protect & defend PropertyGuru's and customers' data from internal and external threats, oversee the implementation of privacy controls to maintain a robust privacy posture, and ensure the right set of processes, controls and tools to protect PropertyGuru Group & the privacy of our customers.
- The right candidate should have in-depth knowledge of data security controls and they should be familiar with data privacy laws and the nature of data processing activities.
- Be responsible for privacy awareness, training and fostering the appropriate mindset and culture.
Responsibilities
- As a privacy leader, you will foster a privacy-first culture and communicate continuously on security risks, current/future threats and regulatory changes to stakeholders.
- Be the subject matter expert (SME) on privacy-by-design, data governance, privacy risk management, data security controls & privacy audits for business and technology teams.
- Be aware of current and upcoming regional government/ legal/ regulatory requirements for data privacy; and advise business & technology leaders with insights, discussions & guidance.
- Develop processes to safeguard data assets by identifying and solving potential and actual data security gaps, and implement improvements.
- Determine privacy gaps by conducting periodic data security audits along with the GRC team.
- Evaluate emerging data security threats & their solutions to design, implement, monitor and improve our privacy posture.
- Design and implement data protection controls across platforms & cloud environments.
- Work with stakeholders for preparing data security performance reports & communicating control status.
Data Privacy & Protection
- Have an in-depth understanding of data privacy regulations in SE Asia, USA & India.
- Work closely with stakeholders in Legal, ERM, ESG, HR, technology, product & marketing.
- Advise technology functions on data protection best practices.
- Drive programs for employee privacy training, awareness & communications at all levels.
- Develop & manage privacy dashboard; track metrics & performance and engage with stakeholders for continuous improvement.
Data Governance
- Enhance, implement and maintain a data governance program for data privacy aligned with security standards, frameworks adoption, documentation & assessment, based on ISO/ IEC 27701 PIMS, NIST 800-53 & NIST Privacy Frameworks.
- Implement privacy governance standards and procedures in compliance with regulatory and organisational requirements.
- Prepare, maintain, review, revise & update essential documentation related to organisational data security policies, procedures, processes, reporting dashboard & tool policies.
Privacy Audits & Assessments
- Conduct privacy reviews, audits & assessments, and implement corrective actions & recommendations to ensure alignment with the group security & privacy policies.
- Assess the data privacy posture of the organisation, and conduct Data Privacy Impact Assessments (PIA).
Privacy Risk Management
- Implement processes for Privacy Impact Assessments (PIA).
- Partner with internal BUs to conduct privacy assessments & privacy risk management.
- Recommend and deploy appropriate mitigation strategies for such identified risks.
- Privacy risk management for technology, vendors, third parties & software supply chain.
Privacy Controls Management
- Ensure implementation of security & privacy controls as per the controls framework.
- Support the maintenance of policies & controls to ensure they are always current.
- Support ongoing review and management of privacy controls.
- Ensure existing tools, processes and partnerships are leveraged appropriately to protect PropertyGuru from data & information loss and data privacy breaches across the group.
- Review data protection reports and metrics to recommend enhancements and additional controls based on business security models.
Privacy Incident Management
- Support the incident management program for privacy related aspects.
- Be the first point of contact for privacy related incidents & processes.
- Advise the technology leadership on privacy incidents & responses to them.
- Lead privacy investigations and conduct an analysis on the incidents to contain the damage.
Requirements:
Who you are
- Minimum 6 years of technology experience in Data Protection, Data Privacy, Security Engineering or Security/ Privacy Controls.
- Hands-on experience in data security, data privacy, incident management & security investigations.
- Strong interpersonal and communication skills (written and oral) with ability to communicate at all organizational levels.
- Proven self-starter; able to take initiative and deliver committed results with minimal supervision.
- Have a collaborative & consensus building approach, with structured, analytic and independent working methods.
- Be able to manage teams when required.
Qualifications
- Strong leadership and team management skills, with an in-depth knowledge of relevant privacy regulations, principles and technologies.
- Innovative thinking, strong leadership and a collaborative approach, with an ability to lead and motivate cross-functional interdisciplinary teams.
- Experience working in a distributed work culture with in-depth knowledge of privacy management in cloud computing & virtualized environments.
- Experience in leading compliance programs across the organization such as ISO 27001, ISO 27701, NIST CSF, NIST RMF, NIST PMF, SOX, SOC audits & PCI-DSS. The Lead should also have experience in implementing, creating policies, fine-tuning, & operating data protection tools.
- Experience developing partnerships with business leaders to create and execute multi-year roadmaps.
- History of evangelising a privacy mindset and culture across the organisation with innovative and out of the box strategies for the program to be effective.
- Bachelor's or Master's degree in engineering, data privacy, cybersecurity, information technology, or a related field.
Knowledge
- Deep understanding of privacy threats & remediation, modern privacy technologies, methodologies, applications, and processes.
- Data governance, privacy risk management, compliance and privacy audits.
- Knowledge of privacy regulations in USA, SE Asia & India for compliance & reporting.
- Experience in -
- Performing data security audits, risk assessments and analysis.
- Identifying gaps & recommending enhancements to data systems security.
- Overseeing & implementing data governance framework.
- Formulating privacy policies and procedures, support in building/ procuring, implementing & operating privacy controls.
- Hands-on experience on data protection technologies and policy management.
- Supporting information security investigations.
Essential Personal Skills
- Excellent leadership skills
- Must demonstrate high level of personal integrity, ethical responsibility, maturity, and discretion.
- Understand PropertyGuru & stakeholder requirements from the business & functional perspective.
- Excellent problem-solving skills, written and verbal communication skills.