Job Description

Make A Real Difference at PropertyGuru.
Real Aspirations. Real People. Real impact.PropertyGuru is Southeast Asia\'s leading PropTech company, and the preferred destination for over 41 million property seekers to connect with more than 63,000 agents monthly to find their dream home. PropertyGuru empowers property seekers with more than 3.2 million real estate listings, in-depth insights, and solutions that enable them to make confident property decisions across Singapore, Malaysia, Thailand, Indonesia, and Vietnam.PropertyGuru.com.sg was launched in Singapore in 2007 and since then PropertyGuru Group has made the property journey a transparent one for property seekers in Southeast Asia. In the last 15 years, PropertyGuru has grown into a high-growth PropTech company with a robust portfolio of leading property marketplaces across its core markets; award-winning mobile apps; mortgage marketplace, PropertyGuru Finance; and a host of enterprise solutions now under PropertyGuru For Business, including a high-quality developer sales enablement platform, FastKey, DataSense, ValueNet, Awards, events and publications across Asia.Responsibilities:At PropertyGuru, we strive to \xe2\x80\x9cBuild Southeast Asia\'s Trust Platform\xe2\x80\x9d and security is at the centre of building that trust with our customers, agents, and partners across Singapore, Vietnam, Malaysia, Thailand & India.Role

• The Lead Data Protection will be responsible for the data privacy & protection functions, data governance, security & audits, privacy controls implementation, privacy risk management & compliance across the group.
• They will maintain companywide programs in a manner that meets our compliance and regulatory requirements, aligns with the business goals and supports the risk posture of the organisation.
• The Lead Data Protection will be responsible for developing privacy strategies to protect & defend PropertyGuru\'s and customers data from internal and external threats, oversee the implementation of privacy controls to maintain a robust privacy posture, and ensure the right set of processes, controls and tools to protect PropertyGuru Group & the privacy of our customers.
• The right candidate should have in-depth knowledge of data security controls and they should be familiar with data privacy laws and the nature of data processing activities.
• Be responsible for privacy awareness, training and fostering the appropriate mindset and culture.

Responsibilities

• As a privacy leader, you will foster a privacy-first culture and communicate continuously on security risks, current/future threats and regulatory changes to stakeholders.
• Be the subject matter expert (SME) on privacy-by-design, data governance, privacy risk management, data security controls & privacy audits for business and technology teams.
• Be aware of current and upcoming regional government/ legal/ regulatory requirements for data privacy; and advise business & technology leaders with insights, discussions & guidance.
• Develop processes to safeguards data assets by identifying and solving potential and actual data security gaps, and implement improvements.
• Determine privacy gaps by conducting periodic data security audits along with the GRC team.
• Evaluate emerging data security threats & their solutions to design, implement, monitor and improve our privacy posture.
• Design and implement data protection controls across platforms & cloud environments.
• Work with stakeholders for preparing data security performance reports & communicating control status.

Data Privacy & Protection

• Have an in-depth understanding of data privacy regulations in SE Asia, USA & India.
• Work closely with stakeholders in Legal, ERM, ESG, HR, technology, product & marketing.
• Advise technology functions on data protection best practices.
• Drive programs for employee privacy training, awareness & communications at all levels.
• Develop & manage privacy dashboard; track metrics & performance and engage with stakeholders for continuous improvement.

Data Governance

• Enhance, implement and maintain a data governance program for data privacy aligned with security standards, frameworks adoption, documentation & assessment, based on ISO/ IEC 27701 PIMS, NIST 800-53 & NIST Privacy Frameworks.
• Implement privacy governance standards and procedures in compliance with regulatory and organisational requirements.
• Prepare, maintain, review, revise & update essential documentation related to organisational data security policies, procedures, processes, reporting dashboard & tool policies.

Privacy Audits & Assessments

• Conduct privacy reviews, audits & assessments, and implementation of corrective actions & recommendations to ensure alignment with the group security & privacy policies
• Assess the data privacy posture of the organisation, and conduct Data Privacy Impact Assessments (PIA).

Privacy Risk Management

• Implement processes for Privacy Impact Assessments (PIA).
• Partner with internal BUs to conduct privacy assessments & privacy risk management.
• Recommend and deploy appropriate mitigation strategies for such identified risks.
• Privacy risk management for technology, vendors, third parties & software supply chain.

Privacy Controls Management

• Ensure implementation of security & privacy controls as per the controls framework.
• Support the maintenance of policies & controls to ensure they are always current.
• Supporting ongoing review and management of privacy controls.
• Ensure existing tools, processes and partnerships are leveraged appropriately to protect PropertyGuru from data & information loss and data privacy breaches across the group.
• Review data protection reports and metrics to recommend enhancements and additional controls based on business security models.

Privacy Incident Management

• Support the incident management program for privacy related aspects.
• Be the first point of contact for privacy related incidents & processes
• Advise the technology leadership on privacy incidents & responses to them.
• Lead privacy investigations and conduct a analysis on the incidents to contain the damage.

Requirements:Who you are

• Minimum 6 years of technology experience in Data Protection, Data Privacy, Security Engineering or Security/ Privacy Controls.
• Hands on experience in data security, data privacy, incident management & security investigations.
• Strong interpersonal and communication skills (written and oral) with ability to communicate at all organizational levels.
• Proven self-starter; able to take initiative and deliver committed results with minimal supervision.
• Have a collaborative & consensus building approach, with structured, analytic and independent working methods.
• Be able to manage teams when required.

Qualifications

• Strong leadership and team management skills, with an in-depth knowledge of relevant privacy regulations, principles and technologies.
• Innovative thinking, strong leadership and a collaborative approach, with an ability to lead and motivate cross-functional interdisciplinary teams.
• Experience working in a distributed work culture with in-depth knowledge of privacy management in cloud computing & virtualized environments.
• Experience in leading compliance programs across the organization such as ISO 27001, ISO 27701, NIST CSF, NIST RMF, NIST PMF, SOX, SOC audits & PCI-DSS. The Lead should also have experience in implementing, creating policies, fine-tuning, & operating data protection tools.
• Experience developing partnerships with business leaders to create and execute multi-year roadmaps.
• History of evangelising a privacy mindset and culture across the organisation with innovative and out of the box strategies for the program to be effective.
• Bachelor\'s or Master\'s degree in engineering, data privacy, cybersecurity, information technology, or a related field.

Knowledge

• Deep understanding of privacy threats & remediation, modern privacy technologies, methodologies, applications, and processes.
• Data governance, privacy risk management, compliance and privacy audits.
• Knowledge of privacy regulations in USA, SE Asia & India for compliance & reporting.
• Experience in -

• Performing data security audits, risk assessments and analysis.
• Identifying gaps & recommending enhancements to data systems security.
• Overseeing & implementing data governance framework.
• Formulating privacy policies and procedures, support in building/ procuring, implementing & operating privacy controls.
• Hands-on experience on data protection technologies and policy management.
• Supporting information security investigations.

Essential Personal Skills

• Excellent leadership skills
• Must demonstrate high level of personal integrity, ethical responsibility, maturity, and discretion.
• Understand PropertyGuru & stakeholder requirements from the business & functional perspective.
• Excellent problem-solving skills, written and verbal communication skills.

PropertyGuru Group is an equal opportunity employer committed to fostering an inclusive, innovative an learning environment with the best employees. Therefore, we provide employment opportunities without regard to gender, identity, race, religion, nationality, age, marital status, disability, or any other protected status, per applicable law. If there is anything we can do to help ensure you have a comfortable and positive interview experience, please let us know.

PropertyGuru