Data Privacy Advisor

Website CIMB Niaga


Job Description :

  1. Steward of Data Privacy risks and controls, and Data Privacy tool sets in the Bank.
  2. Engage and advise business/support units to ensure that they have strong awareness of Data Privacy requirements and perform adequate Data Privacy risk assessments, as part of Privacy by Design principles.
  3. Monitor and report on ongoing Personal Data Protection effectiveness.
  4. Provide Data Protection subject-matter expertise and guidance to cross-functional teams, including Cyber Security, ORM, SPAPM, IT, product teams (under Consumer and Business Banking).
  5. Respond to privacy and security-related customer and regulatory inquiries and investigations in coordination with Legal Counselor.
  6. Develop, enhance and run the Data Privacy Program under the DPO, including privacy operations and documentation; training and awareness; policy enforcement, monitoring and reporting; and incident response. Ensure the program’s ongoing, consistent and efficient operation.
  7. Develop the scope and perform periodic data privacy risk assessments (e.g. Privacy Impact Assessment/PIA, Data Protection Impact Assessment/DPIA, and Third Party Risk Assessment/TPRA), mitigation and remediation, including data control design and monitoring, as well as the mitigation of privacy and security risks.
  8. Monitor and oversee the implementation of Data Privacy controls across the Bank.
  9. Steward of Data Privacy tool sets, including Policy Review for Privacy Compliance Assessment (PROCOM), Records of Processing Activities (ROPA), PIA/DPIA and Third Party Risk Management (TPRM).
  10. Develop and provide training and awareness sessions for business/support units and third parties.
  11. Facilitate Privacy Governance Forum (or a similar forum), and lead Working Groups to oversee Data Privacy improvements.
  12. Liaise with authorities for Data Privacy reporting purposes.
  13. Remain up-to-date on relevant consumer protection, privacy and data security laws and regulations, as well as on technological developments, threat vectors, and evolving industry standards to ensure an ongoing ability to provide sound compliance advice.


  • Bachelor's Degree
  • CISM / CISA / CISSP / ISO27001 Lead Auditor / CRISC
  • Minimum 3 years' experience in technology risk, including IT Audit or Information Security.
  • Minimum 1 year of relevant experience in Data Protection areas.
