Senior Vice President - Legal Services (Group Data Protection Officer)
At HKEX Group, we arecommitted to best practices in handling personal and other data and that ourwork complies with applicable data protection legislation. We are seeking aGroup Data Protection Officer to help us improve our management of personal andother data, carry out regular internal data privacy (and security) audits, andact as the main point of contact between HKEX Group and relevant dataprotection authorities.
Working in the HKEX GroupLegal Department you will play a critical role in supporting the Group's globaloperations in HKEX APAC and London offices. In this role you will be thesubject matter expert in data privacy for the APAC and Europe regions. Ourideal team member will have excellent organizational, communication, andmanagement skills, and also the ability to lead training sessions and workshopswith members of staff. You will often be asked to work independently in thisrole, and also to communicate with all relevant employees as you promote aculture of data protection compliance within the Group.
Objectives of this Role
- Act as the primary point of contact within the Group for members of staff, regulators, and any relevant public bodies on issues related to data privacy and data protection;
- Ensure the organization's policy is in accordance with the General Data Protection Regulation (GDPR) and codes of practice, the Personal Data Privacy Ordinance of Hong Kong (PDPO), the UK Personal Data Protection Act (UK PDPA), the Singapore Personal Data Protection Act (Singapore PDPA), the Personal Information Protection Law - Draft of the People's Republic of China (PIPL) and other applicable data protection laws;
- Evaluate the existing data protection framework, including relevant policies and procedures, of the Group and identify areas of non or partial compliance and rectify any issues;
- Devise standard training plans for the Group and provide data protection advice and support for members of staff;
- Inform and advise the Group as data controller or data processor on all matters related to data protection; and
- Promote a culture of data protection compliance across all units of the Group.
- Develop, standardize and implement privacy compliance mechanisms for HKEX on a group level and report to Group Legal Department and Executive Risk Committee;
- Oversee the drafting and enhancement of new and amend existing internal data privacy policies, guidelines, and procedures, in consultation with key stakeholders such as Legal, Regulatory & Compliance Departments, etc.
- Monitor performance and provide advice on the impact of data protection efforts within business departments such as listing, post-trade, markets, etc. and liaise with Group's Enterprise Risk and Technology Risk Departments on privacy risk management related exercises where needed;
- Maintain comprehensive records of all data processing activities conducted by the Group, including the purposes of all processing activities, and maintain the personal data register through working with the business and support departments;
- Conduct ongoing monitoring and review exercise (including privacy impact assessments) to ensure compliance with respective data protection requirements;
- Provide data privacy related advice to the business and support departments (i.e. IT Department) to ensure compliance with regulatory and the Group's requirements and standards on a day to day basis;
- Respond to enquiries and/or requests from data subjects regarding their data collected, used or retained by the Group;
- Serve as the point of contact between the Group and any Supervisory Authorities (SAs) that oversee activities related to data;
- Educate the Group's management and employees about data privacy compliance, training staff involved in data processing; and
- Support and work with internal audit teams on regular security audits pertaining data privacy where necessary.
The ideal candidate is a qualified solicitor currently based in Hong Kong with:
- At least 10 years of experience in a regulated financial institution with significant exposure to data privacy work;
- expertise in data protection laws and regulations including an in-depth understanding of the GDPR, PDPO, UK PDPA, Singapore PDPA and the PIPL;
- a complete understanding of IT infrastructure, technology, and technical and organizational structure;
- Professional qualifications holder will be an advantage, such as CIPP/E, CIPP/A, CIPT or CDPSE;
- Excellent management skills and ability to interface easily with both internal staff at all levels and outside authorities;
- Strong interpersonal and communication skills, and strong attention to detail;
- Ability to work under pressure and manage sensitive and confidential information; and
- Excellent command of written and spoken English and Chinese.
Applicants whoh do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.