Lead, Corporate Governance
University of Southampton Malaysia (UoSM) is seeking to recruit a dynamic Lead, Corporate Governance to be based in Iskandar Malaysia, Johor Bahru.
This position is responsible for the University's corporate governance by owning the policy framework, coordinating statutory and regulatory compliance, serving as the Privacy Officer or DPO under the PDPA, driving PDPA compliance and incident response, tracking enterprise risk and audit actions, and providing light legal and contract governance for standard agreements so that decisions are lawful, well documented, and aligned with the Delegation of Authority.
In carrying out these responsibilities, the post holder ensures that decision-making is lawful, ethical, and well documented; that policies and contracts follow approved templates and Delegation of Authority; and that personal data processing complies with statutory requirements including DPO appointment, breach notification, data‑subject rights, and cross‑border transfer controls.
Responsibilities
- Governance Framework & Policy Management – custodian of policy framework governing legal documents and processes, maintain official repository with version control and archiving, ensure a single source of truth, manage migration of current Business Rules to policy or procedure and accompanying guidelines, serve as reference point for stakeholders, oversee ongoing management of policy documents and guidelines on writing, amendments, review frequency, and determine level or category of policy documents.
- PDPA & Privacy (Deputy DPO / DPO duties) – advise on PDPA obligations, monitor compliance, act as contact point with JPDP, maintain record of processing, keep privacy notices current, coordinate data‑subject rights responses, run vendor privacy due diligence, facilitate DPIAs, maintain breach register, coordinate notification, deliver targeted PDPA training to high‑risk teams.
- Risk and Internal Control Coordination – support enterprise risk cycles, compile risk registers, track audit actions to closure, prepare risk snapshots for SLT, manage internal audits (non‑conformances, thematic reviews, continuous quality improvement).
- Legal & Contract Governance – govern low‑to‑medium risk instruments using approved templates, triage matters for legal review, track deviations/redlines and approvals, coordinate e‑signature/wet‑ink and stamping, file executed copies with renewal alerts, complete counterparty due diligence.
- Uni‑wide Archive and Repository – create and maintain a proper archive and repository, ensure continuity and sustainability of documents, utilise SharePoint with limited editable access rights, serve as one‑stop centre and single source of truth.
- Regulatory and Statutory Compliance Support – coordinate corporate filings and licences, support MoHE/MQA/KDN touchpoints, maintain statutory/corporate registers, assist with queries and visits by Enforcement & Inspectorate Division, MoHE.
- Business Continuity & Incident Governance – keep Business Continuity Plan and incident contact list up to date, maintain incident log, perform after‑action reviews after disruptions.
Requirements
- Bachelor’s degree in Law, Accounting, Business, Public Policy, or a related field.
- Experience in corporate governance, company secretariat functions, compliance, or risk management.
- Familiarity with PDPA 2010 and JPDP guidelines, Companies Act 2016, SSM/MBRS submissions, and regulatory interfaces related to MoHE and MQA.
- Ability to review NDAs, MoUs, and MoAs, with a solid understanding of contract law principles or a strong willingness to learn.
- Strong capability to plan, implement, and manage governance, compliance, privacy, and contract workflows.
- Excellent document control, record management, and process‑tracking skills.
- Excellent proficiency in English and Malay, both written and spoken.
- Ability to handle confidential and sensitive information professionally.
- Experience in higher education, relevant professional certifications, or experience implementing contract/policy management systems is an added advantage.
- Experience in mapping and improving end‑to‑end governance or contract processes is desirable.
Please review the following application information: What's your expected monthly basic salary? How many years' experience do you have as a Personal Data Protection Officer?