Manager €“ Information Risk & Data Privacy

Job Description

At Prudential, we understand that success comes from the talent and commitment of our people. Together, we have a shared vision in securing the future of our customers and our communities. We strive to build a business that you can shape, an inclusive workplace where everyone’s ideas are valued and a culture where we can thrive together. Our people stay connected and tuned in to what’s happening around us, keeping us ahead of the curve. While focused on the long-term, we look to the future to bring growth, development and benefit to everyone whose lives we touch.

This job holder act as “second line of defense” (within context of the Group Risk Framework) to provide assurance and oversight on Information Risk and Data Privacy risk that might pose a threat to the business.

Principle Duties and Responsibilities:

• To act as focal point in providing business with assurance that processes, tools and technologies are operating effectively to mitigate risk to information and Data Privacy risk.
• First line of review in security authorization for request from functions for exemptions to standard access and use of tools and technologies.
• Together with ITSM to aligning IT security requirement within guidance and reference policy of Information Security Policy. So it can provide assurance to functions in managing Information Risk effectively.
• To act as governance policy owner of Data Privacy Policy and Standard to providing business with assurance process and advisory in mitigating Data Privacy impact related.
• Coordinate and submit timely regular reporting as govern by Information Security Policy to PCA information Risk:
  • Sensitive Information Register and Review
  • Sensitive Information transfer register and Review
  • Incident Reporting Management
  • Etc as governed within policy and standard
• Coordinate to ensure PLAI compliant according to PCA governance assurance of Information Security Policy and Data Privacy Policy & Standard annual end year Turnbull certification.
• Coordinate and support completion of PCA led Functional and Risk review as set out in annual timetable.
• Carrying out awareness and training program both PLAI program and PCA direction awareness campaign to increase the maturity of PLAI in managing Information Risk and privacy management.
• Support the implementation of PCA Information Risk and Data Privacy policies and guidance.
• To role as focal point in supporting functions as required to manage risks to information and Data Privacy appropriately:
  • To ensure projects to take account of risk to information and privacy impact implication
  • Advice and guidance on Information Risk and privacy related issues
• To role as LBU Data Privacy Officer overseeing set of Data Privacy requirement
• Carrying out third party Information Risk review and privacy related risk review to ensure PLAI interest over Information Risk and privacy implication are properly managed and controlled.

Job Requirements:

• Qualification – Preferred degree in Information Technology or other qualification with strong IT experience and proven related qualification in Information Security and Data Privacy.
• Experience – several year or minimal 5 years directly managing Information Risk (preferable), IT Security or IT Governance or IT Risk Management background (Banking, Insurance, Auditor field are preferable). Sound of project related skill or handling project management is an advantage
• Experience exposure in handling task with cross functions area, ability to lead and provide advice (role as subject matter expertise).
• Self-motivated person in managing workload within required timeline.
• Good in English communication and writing
• Self – started personality, good interpersonal and communication skills.
• IT security knowledge (networking, firewall, data mining, etc) & Database knowledge skills
• Information Risk relevant professional certification is an advantage