Privacy Compliance

Sun Life
19 hours ago
Full-time
On-site
South Jakarta, Java, Indonesia

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

KEY RESPONSIBILITIES

1.  Privacy Strategy & Program Leadership

  • Develop and maintain the company-wide Privacy Compliance Program in alignment with UU PDP, OJK regulations, and applicable international standards (ISO 27701, GDPR where relevant).
  • Define the privacy governance framework, policies, procedures, and standards for the organization.
  • Lead the annual privacy risk assessment and report findings and remediation plans to senior management and the Board.
  • Act as the primary point of contact (Pejabat Pelindungan Data Pribadi / Data Protection Officer) or support the designated DPO in fulfilling regulatory obligations.

2.  Regulatory Compliance & Advisory

  • Monitor developments in Indonesian privacy legislation, OJK circulars, and BPJS regulations affecting the life insurance industry; assess impact and drive timely compliance.
  • Advise business units on privacy implications of new products, services, campaigns, partnerships, and technology implementations.
  • Conduct and oversee Privacy Impact Assessments (PIAs / DPIAs) for high-risk processing activities.
  • Manage regulatory inquiries, examinations, and incident reporting obligations to the Ministry of Communication and Digital and OJK.

3.  Data Subject Rights & Incident Management

  • Establish and maintain a robust process for handling Data Subject Rights requests (access, correction, deletion, portability, objection) within prescribed timelines.
  • Lead the Privacy Incident Response program, including breach identification, containment, notification, and post-incident review.
  • Maintain accurate records of processing activities (ROPA) and data inventories.

4.  Third-Party & Vendor Privacy Management

  • Review and negotiate privacy-related clauses in vendor, reinsurance, agency, and bancassurance agreements.
  • Conduct periodic privacy due diligence on third-party processors and critical service providers.
  • Oversee cross-border data transfer mechanisms and ensure adequate safeguards are in place.

5.  Training, Awareness & Culture

  • Design and deliver privacy training programs for all employees, with targeted modules for high-risk functions (actuarial, underwriting, claims, marketing, IT).
  • Promote a culture of privacy by design and default across product and process development lifecycles.
  • Prepare executive and Board-level privacy reporting, dashboards, and metrics.

6.  Team Leadership

  • Lead, mentor, and develop a team of privacy and compliance professionals.
  • Set clear performance objectives, provide regular feedback, and support career development.
  • Manage the privacy compliance budget and resource planning.

QUALIFICATIONS & REQUIREMENTS

Education

  • Bachelor’s degree (S1) required; postgraduate degree (S2/LLM/MBA) in Law, Information Technology, or a related field is strongly preferred.
  • Professional certification in data privacy is highly desirable: CIPM, CIPP/A, CDPSE, or equivalent.

Experience

  • Minimum 8–10 years of experience in data privacy, legal compliance, or information security, with at least 3–5 years in a managerial or senior specialist role.
  • Direct experience in the financial services sector—particularly life insurance, banking, or multi-finance—is strongly preferred.
  • Demonstrated experience implementing privacy programs under Indonesian law (UU PDP, UU ITE, OJK regulations).
  • Experience engaging with Indonesian regulators (OJK, Kominfo / Ministry of Communication and Digital) is an advantage.

Technical Skills & Knowledge

  • Deep knowledge of UU PDP No. 27 Tahun 2022 and its implementing regulations.
  • Familiarity with relevant OJK circulars on consumer data protection (e.g., POJK No. 6/POJK.07/2022).
  • Working knowledge of international privacy frameworks: GDPR, APEC Privacy Framework, ISO 27001/27701.
  • Understanding of life insurance operations: underwriting, claims, bancassurance, agency distribution, and actuarial data use.
  • Proficiency in conducting DPIAs, data mapping, and records of processing activities.

Competencies & Soft Skills

  • Strong analytical and problem-solving skills with the ability to translate complex legal requirements into practical business guidance.
  • Excellent communication and stakeholder management skills; able to present effectively to C-suite and Board.
  • High integrity, professional judgment, and ability to manage sensitive and confidential information.
  • Proven leadership and people management capabilities.
  • Fluency in Bahasa Indonesia and English (written and spoken) is required.

Job Category:

Compliance

Posting End Date:

29/05/2026