Alibaba Cloud (阿里云) - Data Protection & Privacy Legal - Hong Kong SAR
Job Requirements
1. Minimum of 3 years of experience in data protection and privacy compliance.
2. Expert knowledge and experience of Data Protection and Privacy Laws in APAC, Middle East, US and the EU/UK.
3. Relevant privacy qualification (e.g. CIPP/A, CIPP/E, etc.) is a plus.
4. Bachelor's degree minimum, preferably with technology background.
5. Strong project management skills, and able to work independently with minimal supervision.
6. Prov…
Job Responsibilities
1. Responsible for data subject rights request fulfilment, data breach incident handling and reporting, third party vendor assessment and review of contract terms on data and privacy.
2. Maintain data protection and privacy related policies, guidelines and standards; lead the privacy risk assessments; and drive data protection initiatives to mitigate privacy risks.
3. Act as a subject matter expert, provide advice to all related internal stakeholders on data protection and privacy, and help them understand the associated risks and solve their problems.
4. Lead the privacy related audit or certificate programmes, including DPTM, CBPR, EU COC, etc.
5. Build and maintain strong relationships with internal and external stakeholders, in particular with business teams, to work on projects related to compliance with data protection and privacy laws.
6. Manage tools/systems to assist internal data protection and privacy related processes.
7. Develop and deliver data protection and privacy training to internal teams.
8. Keep abreast of new laws and regulations, as well as technology trends, assess impacts and risks and report to management and leadership.
* Maintain a comprehensive compliance program for PCI-DSS
* Conduct regular internal data security audits and oversee the implementation of corrective actions
* Partner with Legal, Product and other teams at both group and local level to ensure GDPR compliance (e.g. Cookie, DSR, DPIA)
* Develop and enforce local security policies and procedures that are in line with ISMS
* Promote security awareness through training, workshops and internal communications
* Support data security incident response and facilitate preventive measures to reduce the likelihood
* Daily security support to business teams
1. Identify and assess product security related risks and drive risk mitigation
2. Monitor product security related compliance with local Laws/Regulations/National Standards, and convert local cyber, data protection & privacy demands into product requirements to guarantee compliance
3. Act as relay among Product Security stakeholders; communicate, coordinate, facilitate and support BU CSOs, Product Owners, Security Data Privacy Advisors and R&D for FCSR, SDL and other product security initiatives & topics
4. Act as local owner & coordinator to handle severe product security issues
5. Drive the SDL deployment in China C4C offer creation projects
6. Monitor local SDL maturity and drive action plans to improve it
- Lead the development and execution of the company’s Enterprise Risk Management (ERM) strategy, ensuring it is aligned with the overall business strategy and risk appetite, in accordance with business conditions, the regulatory environment, and industry trends.
- Develop and maintain a comprehensive ERM framework, including risk identification, assessment, mitigation, and monitoring processes.
- Collaborate with the Executive Team and department heads to integrate risk management practices across all functions and business units. Collaborate to ensure the effective execution of risk controls and advise on risk reduction opportunities & best practices for risk management.
- Provide thought leadership and guidance on emerging risks, including operational, strategic, compliance, and reputational risks.
- Oversee the development and testing of business continuity plans and disaster recovery procedures to ensure organizational resilience in the event of disruptions, and oversee the management of crisis situations, ensuring that risk mitigation measures are implemented swiftly and effectively.
- Foster a risk-aware culture across the organization by ensuring effective communication of risk management policies, guidelines, and procedures.