Data Protection Officer

Techconnect.id
3 days ago
Full-time
On-site
Special Capital Region of Jakarta, Java, Indonesia
  • Lead the enterprise-wide data protection strategy, ensuring full compliance with UU PDP, GDPR, ISO 27701, and all applicable national and international privacy regulations.
  • Authorize data protection policies, privacy frameworks, data processing agreements, and binding corporate rules across all business entities and subsidiaries.
  • Strategize and oversee the implementation of Privacy by Design and Privacy by Default principles across all new products, systems, processes, and digital transformation initiatives.
  • Synergize with C-Suite, Board of Directors, Legal, IT, Compliance, and Business Units to embed privacy governance into organizational culture and decision-making.
  • Lead and manage Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPAs), and privacy risk assessments across the organization.
  • Negotiate and authorize data sharing agreements, data processing agreements (DPAs), and cross-border data transfer mechanisms with third parties and regulatory bodies.
  • Strategize and lead the organization’s response to data subject rights requests (access, erasure, portability, objection) and personal data breach incidents, including regulatory notifications.
  • Lead engagement with regulators, including the National Data Protection Authority (Kominfo/BSSN), and serve as the primary point of contact for all regulatory inquiries and audits.
  • Authorize and oversee privacy training programs, awareness campaigns, and capability uplift initiatives for all staff levels, including senior leadership.
  • Synergize with the Cybersecurity and IT GRC functions to ensure alignment of information security controls with privacy obligations, including ISMS (ISO 27001) and PIMS (ISO 27701) programs.
  • Lead the development and continuous improvement of the organization’s privacy maturity model, benchmarking against global best practices and frameworks.
  • Strategize on emerging technology risks related to AI, Cloud, IoT, and Mobile, ensuring privacy considerations are proactively addressed across the technology landscape.
  • Lead the development and operationalization of a Data Security Framework covering data classification, Data Loss Prevention (DLP), encryption standards, and access governance in coordination with the CISO and Cybersecurity function.
  • Oversee and authorize cybersecurity-related privacy risk assessments including third-party vendor security reviews, cloud security assessments, and technology due diligence for data-intensive systems and digital platforms.
  • Lead coordination with the Security Operations Center (SOC) and CSIRT on personal data breach detection, containment, and regulatory notification procedures under UU PDP and applicable sectoral regulations (including BSSN directives).
  • Bachelor’s degree in Law, Information Technology, Computer Science, Cybersecurity, or a related field; Master’s degree or postgraduate qualification in Data Privacy, Information Security, or Law is highly preferred.
  • Minimum 10 years of progressive experience in Data Privacy, Cybersecurity, IT GRC, or a related discipline, with at least 2 years in a senior DPO, privacy advisory, or data governance leadership role.
  • Demonstrated expertise in Indonesian Personal Data Protection Law (UU PDP No. 27 Tahun 2022) and GDPR, with a proven track record of regulatory compliance implementation across large or complex organizations.
  • Strong capability to lead, design, and authorize enterprise privacy programs including DPIAs, RoPAs, privacy risk assessments, and incident response frameworks.
  • Proven ability to synergize with and advise at Board and C-Suite level, translating complex privacy and regulatory requirements into strategic business guidance.
  • In-depth knowledge of international privacy and security standards and frameworks including ISO 27701, ISO 27001, NIST Privacy Framework, NIST CSF, COBIT, and PCI-DSS.
  • Experience in negotiating data processing agreements, cross-border transfer mechanisms, and regulatory submissions with government authorities and regulators.
  • Broad understanding of cybersecurity domains including Cyber Strategy, Security Architecture, Cloud Security, DevSecOps, OT/ICS Security, and Emerging Technology Risks (AI, IoT, Mobile, Cloud).
  • Strong knowledge of IT Audit, IT Risk Management, IT Governance, Enterprise Architecture, Business Continuity Management (ISO 22301), and Digital Transformation.
  • Excellent executive communication, stakeholder management, and cross-functional leadership skills, with the ability to influence and drive change at all organizational levels.
  • Demonstrated experience in acting as an Independent or External Advisor to Boards, Audit Committees, or regulatory bodies is a strong advantage.
  • Professional certifications required: one or more of CIPP/E, CIPM, FIP, CDPO, or equivalent privacy credentials. Additional preferred certifications include CISM, CISSP, ISO 27001 LA, ISO 27701 LA, ISO 22301 LA, GRCP, GRCA, CCSK, or OT Privacy Expert.
  • Private Health Insurance
  • Pension Plan
  • Training & Development
  • Performance Bonus