Manager- Data Protection & Privacy | ISS Department - DFCC Bank Colombo 03

About the job

Assistant Manager/ Manager - Data Protection & Privacy

ISS Department

Colombo

You should ideally:

• possess a minimum of 5 years of experience in data protection, legal compliance, information security, or data governance
• possess a bachelor’s degree in law, Information Security, Data Governance, or Information Technology; a master’s degree in a related field is highly preferred
• possessing relevant certifications in Data Protection (e.g., CIPP/E, CIPM, CDPSE), Information Technology, or GRC are advantageous
• Being familiar with the PDPA Act No. 19 of 2022 and international data protection frameworks (e.g., GDPR) is essential

You will be responsible for:

• establishing a comprehensive data protection framework for PDPA and legal compliance, collaborating with CISO to integrate data protection into cybersecurity
• ensuring data practices align with GRC standards and legal requirements across all subsidiaries, and overseeing data privacy risk management
• advising senior management on data privacy, including anonymization and retention policies
• guiding DPIAs and privacy-by-design strategies, and collaborating with legal to apply PDPA requirements in transactions and partnerships
• creating and enforcing organisation-wide data protection policies to ensure PDPA and global standards compliance
• regularly updating policies to align with legal and technological changes
• overseeing personal data governance in analytics, ensuring legal compliance and responsible data use for insights, in line with privacy regulations
• establishing processes and a contingency plan to effectively address data subject rights under the PDPA
• assessing and monitoring third-party vendors for data protection compliance, ensuring proper data handling agreements
• coordinating with risk and audit teams for continuous vendor performance monitoring
• collaborating with the CISO to mitigate cyber risks related to data, focusing on encryption, access control and secure storage
• ensuring ethical and secure data use across operations, including marketing and customer analytics
• leading data protection and privacy training for employees, ensuring they understand their roles and responsibilities in maintaining compliance
• monitoring data processing activities, reporting compliance to senior management, and highlighting risks and improvements
• collaborating with auditors to ensure PDPA and international standards compliance, preparing for audits as needed
• serving as the primary contact for the Data Protection Authority of Sri Lanka, ensuring compliance with regulatory requirements

We are an equal opportunity employer, committed to promoting an inclusive and diverse environment. Recruitment to the Bank is based solely on merit and competency, irrespective of other characteristics that make our employees unique.

Any form of canvassing is discouraged. Correspondence will only be with the short-listed candidates.

If you believe you're a good fit for the position described above, please send your updated CV to recruit@dfccbank.com within 14 days of this advertisement.