Asso.director,cfcc Dataconduct,privacy&sovereignty

**Job**: Governance, Risk Management & Compliance

**Primary Location**: Asia-Malaysia-Kuala Lumpur

**Schedule**: Full-time

**Employee Status**: Permanent

**Posting Date**: 08/Mar/2024, 12:31:12 AM

**Unposting Date**: Ongoing

**The Role Responsibilities**

**Job Role**

The Associate Director will play an essential role in the Group's Data Protection Office (GDPO) / Data Conduct Compliance team.

**Strategy**
- Support both the GDPO and deputy GDPO with the implementation of the Group's privacy strategy.
- Provide expert guidance on privacy, banking secrecy and sovereignty risk assessment and management.

**Business**
- Monitor relevant legislative and regulatory changes and advise on associated impact to the Group’s business and operational functions.
- Actively engage in and contribute to the relevant workstreams of the Group’s Data Shield.

**Processes**
- Support implementation of a robust plan for managing privacy, secrecy and sovereignty risks.
- Review, assess and advise on Privacy Impact Assessments (PIAs), Records of Processing Activities and data incidents.
- Support global initiatives as requested by the GDPO.
- Help draft mandatory documentation, such as Standards and guidelines, and help maintain a library of mandatory documentation.
- Draft and maintain additional, non-mandatory documentation such as FAQs, guidelines and awareness-raising materials including content for the team’s intranet (Pulse) site.

**People and Talent**
- Champion good privacy practice and standards across the Group.
- Develop and provide training to colleagues to support the wide adoption of data protection principles and good practices.
- Collaborate with first line colleagues to foster an environment that drives appropriate risk control behaviour, including early anticipation, identification and mitigation of privacy and other data risks, escalating issues in line with the Group’s Operational Risk Framework.

**Risk Management**
- Oversee, monitor and challenge implementation of controls to mitigate risks.
- Ensure privacy, secrecy and sovereignty controls are tested in accordance with any controls testing plans.
- Support risk assessments to identify gaps and deficiencies, and help determine remedial action to correct or mitigate risk.
- Assist with the proactive and timely identification, assessment, and dissemination of evolving legal and regulatory changes / practices and associated risks on privacy, secrecy and sovereignty issues across the Group.
- Assist in agreeing the scope of audits and second-line / Compliance Monitoring Reviews.
- Support any firm-wide internal audits.
- Support the integration of privacy, secrecy and sovereignty requirements into the third-party risk management framework.

**Governance**
- Establish and maintain strong relationships with key stakeholders at all levels, while independently performing own duties.
- Work with first and second line colleagues to support the identification and development of innovative solutions to protect data and enhance the Group’s approach to managing data-related risks.

**Regulatory and Business Conduct**
- Display exemplary conduct and live by the Group’s Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Group. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Support the Group Data Protection Office to achieve the outcomes set out in the Bank’s Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

**Key Stakeholders**
- Group’s Data and Privacy Transformation Programme teams
- Colleagues in Compliance / CFCC, including country DPOs and CFCC Assurance
- The first line Data Management and Privacy Operations and Processes and Controls teams
- The Chief Data Officer’s team
- The Chief Information Security Risk Officer’s team and other connected Policy owner teams
- Group Internal Audit
- Legal

**Other Responsibilities**
- Embed Here for good and Group's brand and demonstrate the Valued Behaviours in the Strategy, Governance and Core Compliance team.
- Perform other responsibilities as assigned.
- Bachelor's Degree in relevant fields
- A proven track record of experience in a Privacy based role preferably with a background in Compliance, Auditing, Legal and/or Risk Management
- IAPP certification or other equivalent industry recognised qualification preferred but not essential
- Strong interpersonal, relationship building, and influencing abilities
- Highly entrepreneurial with a high level of energy, dedication and an unrelenting drive to deliver value, with a track record in creative and successful problem-solving
- Ability to colla