Manager, Data Privacy

Credit Guarantee Corporation Malaysia Berhad (CGC) was established on 5 July 1972 to aid Micro, Small and Medium‑Sized Enterprises (MSMEs) in securing credit through guarantee coverage and financing products. CGC has evolved from a traditional guarantee provider to a digitally advanced institution, delivering a range of financing solutions including portfolio and wholesale guarantee schemes.

• Support the Data Protection Officer (DPO) in developing, implementing and maintaining effective internal data privacy policies and procedures in alignment with data protection requirements.
• Monitor regulatory developments in data protection, cybersecurity and disseminate this information to stakeholders, assessing impacts on business operations.
• Conduct privacy impact assessments and support risk mitigation strategies, identifying key data privacy risks/weaknesses and recommending enhancements to improve operational efficiency.
• Develop privacy compliance strategies in line with data protection and cybersecurity law and regulations to mitigate the Corporation’s exposure to privacy risk.
• Collaborate with stakeholders to review existing internal controls and processes related to data privacy, ensuring identified gaps are addressed.
• Review and assess third‑party relationships that pose higher risk for data privacy.
• Assist the DPO in responding to data subject requests and regulatory inquiries.
• Coordinate or conduct investigations and assessments on personal data breach incidents for reporting to the relevant authorities.
• Work closely with stakeholders to ensure appropriate technical and organisational measures for data protection.
• Develop and implement appropriate data privacy training for employees, senior management and directors.
• Assist the DPO in providing guidance and answering queries on data privacy matters, offering advisory support for informed decision‑making.
• Support the privacy champions in each division in executing data privacy strategies.
• Assist the DPO in preparing data privacy reports and updates for relevant management committees and board committees.
• Perform miscellaneous job‑related duties as assigned by the Head of Compliance & Integrity from time to time.

• Qualification: Bachelor’s Degree in Law/Banking/Finance or equivalent field.
• Experience: Minimum 7 years of working experience in regulatory compliance, with extensive experience handling customer data or PDPA‑related advisory and/or policies.
• Knowledge: In‑depth knowledge of PDPA 2010 and cybersecurity related requirements is mandatory.
• Skills & Competencies: Good communication and interpersonal skills, self‑starter who can work with minimal supervision.

Applicants will be asked to provide the following: What’s your expected monthly basic salary?