Senior Data Privacy Specialist

GX Bank Berhad - the Grab-led Digital Bank - is the FIRST digital bank in Malaysia, approved by BNM to commence operations. We aim to leverage technology and innovation to serve the financial needs of the unserved and underserved individuals, and micro and small medium enterprises.

We are driven by our shared purpose and passion to bring positive transformation to the banking industry, starting with solutions that address the financial struggles of Malaysians and businesses.

The Senior Data Privacy Specialist will support the Data Privacy Officer in implementing the Bank’s data protection management programme. We are looking for a professional who views Data Privacy not as a series of arbitrary blockers, but as a business enabler. This role is for someone who can translate regulatory requirements into high-engagement, culture-shifting initiatives.

Data Protection Impact Assessments (DPIAs) & Third-Party Risk Assessments: Conduct Data Protection Impact Assessments (DPIAs) and third-party risk reviews, applying practical judgment to mitigate risks.

Policy & AI Governance: Develop, review, and implement data protection policies, AI governance frameworks, and privacy notices. Support and oversee the conduct of independent audits and attestation of the Bank’s data protection policies and processes.

Operational Compliance: Provide guidance to business units on privacy compliance and act as a point of contact for regulatory enquiries and data subject requests.

Regional Privacy Operations: Lead and support regional privacy workstreams, including third-party risk assessments and cross‑border data transfer impact assessments.

Documentation & Administration: Act as the administrative gatekeeper to ensure all privacy‑related records are accurately logged and filed, preventing documentation backlogs.

Building Strong Data Culture : Conceptualize and execute training programmes and data privacy events that break the traditional banking mold

Executive & Board Reporting: Prepare documentation and present complex data privacy matters, and updates to the Board of Directors and Executive Committees.

Incident Response: Serve as a key member of the Data Breach Response Team, assessing incidents and preparing formal regulatory notifications.

Experience: At least 1 year of experience in data privacy protection, OR general 3‑5 years of experience in data management or cybersecurity, or acted as in‑house legal counsel related to Data Privacy matters.

High level of interpersonal skills to collaborate effectively and influence stakeholders across internal teams and strong writing skills

Proactive attitude to explore and use new technology tools for process automation

Must be a strong and confident presenter with the ability to articulate complex privacy and risk concepts clearly to senior executives and board members.

Ability to assess risks and apply practical approaches to balance compliance with business needs.

Experience in Financial Institutions within Data Privacy functions will be an added advantage

Be careful - Don’t provide your bank or credit card details when applying for jobs. Don't transfer any money or complete suspicious online surveys. If you see something suspicious, report this job ad.