Data Privacy Specialist

Formulate data privacy strategies and enable Boost Holdings Sdn Bhd (BHSB) to foster a culture of trust and confidence and reinforce Axiata’s position as a trusted digital financial services provider.

Responsible for the overall development of the data privacy governance in BHSB as well as supporting the Operating Companies’ (OpCos) Data Protection Officers (DPOs) to execute, monitor and maintain a BHSB-wide Privacy Policy, monitor OpCos’ compliance with BHSB’s Privacy Policy as well as national laws/regulatory obligations, increase BHSB’s Privacy Maturity level at the regional level and drive ongoing improvements in personal data handling practices.

SCOPE & AUTHORITY

• Provide privacy and data protection leadership, and strategic advice to BHSB stakeholders and Board Risk and Compliance Committee (BRCC)
• Align BHSB’s Data Privacy Framework with a robust set of requirements that are specific to the national laws, regulations, international best practices and OpCos’ business needs
• Align BHSB Privacy Maturity Standards to enable privacy and data protection environment maturity across the OpCos
• Collaborate on privacy and security policies and procedures
• Prepare quarterly status report of the privacy program to the BRCC or other committee(s)
• Create transparent data privacy policies, procedures and guidelines, including Privacy by Design Guidelines, and enforce these across BHSB to meet the local regulatory requirements, business needs and international best practices
• Align to various project streams within the Axiata Privacy Program and together with the OpCo DPOs define the common legal and/or business interpretations, tools and methods
• Oversee data privacy and protection compliance activities and manage data protection risk for BHSB, including managing reputational risks that may arise from non-compliance
• Assist OpCos on privacy engineering with efficient tools and methodologies to ensure effective and on-going compliance
• Align to BHSB Information Security plans to ensure alignment between security and privacy practices
• Provide leadership to OpCos in planning, designing and evaluating privacy-related projects
• Work with BHSB Internal Audit to establish BHSB-wide internal privacy audit program
• Act as liaison between Group Risk and Compliance Division and OpCos DPO to facilitate regular reporting and monitor compliance
• Act as focal point for all data privacy matters with relevant parties to BHSB, including internal functional teams and OpCos - to identify the relevant privacy and data protection risks, manage the risks and ensure achievement of compliance obligations
• Responsible for legal queries, data protection contract clause reviews and provide support (including project work and contract management) within CC on matters pertaining to privacy and data protection legislation and initiative
• Establish Key Performing Indicators (KPIs) to track the progress and deliverables to Privacy Program, manage effective reporting metrics and dashboards to communicate the state of compliance
• Conduct periodic information privacy impact assessments and ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions
• Coordinate data privacy and protection inputs for business planning, budgeting, risk management, group policy and other business processes
• Develop privacy training materials and other communications to increase employee understanding of Axiata’s privacy policy, data handling practices and procedures
• Immediately report non-conformities and breaches of substance to BHSB senior management and BRCC
• Coordinate with the Group Compliance Officer on procedures for documenting and reporting self-disclosures of any evidence on privacy violations
• Oversee and ensure delivery of privacy training to all relevant third parties. Conduct reinforcement on-going privacy training and awareness activities where required
• Undertake other tasks/responsibilities as instructed by BHSB senior management