Unit Head | Data Protection

EPF Malaysia

Petaling Jaya

On-site

MYR 120,000 - 150,000

Full time

Today

Job summary

A leading national body is seeking a highly experienced individual to lead its Data Protection Unit. The role includes developing comprehensive data protection strategies, ensuring compliance with the Personal Data Protection Act (PDPA), and managing data governance policies. The ideal candidate should possess over 10 years of relevant experience, a bachelor's degree in Data Science or a related field, and strong skills in data governance and management. This permanent position is an excellent opportunity to enhance the organization's data protection culture.

Qualifications

  • 10+ years of relevant experience in data governance and management.
  • Strong knowledge of PDPA 2010 and related frameworks.
  • Professional certification such as CIPM or similar is an advantage.

Responsibilities

  • Lead the Data Protection Unit and develop data protection strategies.
  • Ensure compliance with PDPA and implement DLP measures.
  • Serve as the primary liaison with regulatory authorities.

Skills

Data governance
Data management
Data quality management
Analytical skills
Interpersonal skills
Communication skills
Proactivity

Education

Bachelor’s degree in Data Science or related

Tools

Microsoft Office

Job description

Work assigned is not limited to the job scope listed below and may be assigned to another function based on workload and requirements:

  • Lead the Data Protection Unit in developing and executing the organization’s overall data protection strategy, ensuring compliance with the Personal Data Protection Act (PDPA), effective implementation of Data Loss Prevention (DLP) measures, and robust management of data protection risks across all business functions.
  • Ensure adherence to defined data protection and governance policies, standards, and frameworks, maintaining confidentiality, integrity, and availability of personal and sensitive data.
  • Serve as the appointed Data Protection Officer (DPO) and primary liaison with the Personal Data Protection Commissioner (PDPC) and other regulatory authorities on data protection matters.
  • Promote awareness, accountability, and good data handling practices across the organization to foster a strong data protection culture.
JOB RESPONSIBILITIES
  • Develop, implement, and maintain comprehensive data protection policies, procedures, and controls, ensuring alignment with PDPA requirements and internal governance standards. This includes establishing and periodically reviewing the Data Protection Policy, Data Breach Management Procedure, Data Subject Rights Handling Procedure, and related operational guidelines to promote consistent compliance across all business functions.
  • Advise on lawful data collection, processing, retention, and disposal, ensuring adherence to data subject rights under PDPA.
  • Collaborate with the Legal Department to monitor developments in local and international data protection regulations and recommend policy updates.
  • Lead the investigation, containment, and reporting of personal data breaches in accordance with PDPA requirements.
  • Provide strategic leadership and oversight of data breach incident response, working closely with the IT Security team and other key stakeholders to ensure effective containment, root cause analysis, and compliance with PDPA reporting obligations.
  • Advise management on reporting obligations to the Personal Data Protection Commissioner (PDPC) and affected individuals.
  • Plan and deliver regular training and awareness programs to promote PDPA and data governance literacy among staff.
  • Oversee the implementation and effectiveness of Data Loss Prevention (DLP) controls in collaboration with the IT Security team, ensuring alignment with data protection and governance requirements to prevent unauthorised data access, transmission, or leakage.
  • Collaborate with IT Security and Risk teams to identify and mitigate data leakages.
  • Work with Data Stewards to guide and facilitate the development and refinement of DLP business rules and data protection controls, ensuring alignment with PDPA requirements and organizational data governance standards.
  • Conduct and oversee data protection impact assessments for new systems, projects, and third-party engagements.
  • Evaluate external data sharing and cloud data usage requests, ensuring compliance with classification and approval requirements.
  • Recommend mitigation controls and risk treatments based on the sensitivity and criticality of the data involved.
  • Plan and design change management programs to promote awareness of Data Protection practices enterprise-wide, ensuring continuous engagement with EPF personnel at all levels.
  • Prepare and provide comprehensive reports on Data Protection and DLP to management and relevant committees.
JOB REQUIREMENTS
  • Bachelor’s degree in Data Science, Computer Science, Information Security, Law, or any other relevant degree recognized by the Government, from any local or overseas institution of higher learning.
  • At least 10 years of relevant experience in data governance, data management, data quality management, data security, data analytics, and business analysis.
  • Strong knowledge of PDPA 2010, DLP frameworks, privacy risk assessment, and data governance principles.
  • Professional certification such as CIPM, CIPP/E, or CDPO is an advantage.
  • Good experience in Microsoft Office (Word, Excel, PowerPoint, Outlook).
  • Good analytical skills, meticulous and able to work independently.
  • Team player with strong communication and good interpersonal skills.
  • Result-oriented, fast-paced, resourceful and proactive.
  • Resilient and able to deliver under pressure.
  • Malaysian citizen.
  • A pass in Bahasa Melayu, including an oral test, at Sijil Pelajaran Malaysia (SPM) level or an equivalent qualification recognised by the Government.
JOB STATUS

Permanent

PLACEMENT

Data Protection Unit, Data Governance Office, Investment Services Department

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.
