- Lead the enterprise-wide data protection strategy, ensuring full compliance with UU PDP, GDPR, ISO 27701, and all applicable national and international privacy regulations.
- Authorize data protection policies, privacy frameworks, data processing agreements, and binding corporate rules across all business entities and subsidiaries.
- Strategize and oversee the implementation of Privacy by Design and Privacy by Default principles across all new products, systems, processes, and digital transformation initiatives.
- Synergize with C-Suite, Board of Directors, Legal, IT, Compliance, and Business Units to embed privacy governance into organizational culture and decision-making.
- Lead and manage Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPAs), and privacy risk assessments across the organization.
- Negotiate and authorize data sharing agreements, data processing agreements (DPAs), and cross-border data transfer mechanisms with third parties and regulatory bodies.
- Strategize and lead the organization’s response to data subject rights requests (access, erasure, portability, objection) and personal data breach incidents, including regulatory notifications.
- Lead engagement with regulators, including the National Data Protection Authority (Kominfo/BSSN), and serve as the primary point of contact for all regulatory inquiries and audits.
- Authorize and oversee privacy training programs, awareness campaigns, and capability uplift initiatives for all staff levels, including senior leadership.
- Synergize with the Cybersecurity and IT GRC functions to ensure alignment of information security controls with privacy obligations, including ISMS (ISO 27001) and PIMS (ISO 27701) programs.
- Lead the development and continuous improvement of the organization’s privacy maturity model, benchmarking against global best practices and frameworks.
- Strategize on emerging technology risks related to AI, Cloud, IoT, and Mobile, ensuring privacy considerations are proactively addressed across the technology landscape.
- Lead the development and operationalization of a Data Security Framework covering data classification, Data Loss Prevention (DLP), encryption standards, and access governance in coordination with the CISO and Cybersecurity function.
- Oversee and authorize cybersecurity-related privacy risk assessments including third-party vendor security reviews, cloud security assessments, and technology due diligence for data-intensive systems and digital platforms.
- Lead coordination with the Security Operations Center (SOC) and CSIRT on personal data breach detection, containment, and regulatory notification procedures under UU PDP and applicable sectoral regulations (including BSSN directives).
- Bachelor’s degree in Law, Information Technology, Computer Science, Cybersecurity, or a related field; Master’s degree or postgraduate qualification in Data Privacy, Information Security, or Law is highly preferred.
- Minimum 10 years of progressive experience in Data Privacy, Cybersecurity, IT GRC, or a related discipline, with at least 2 years in a senior DPO, privacy advisory, or data governance leadership role.
- Demonstrated expertise in Indonesian Personal Data Protection Law (UU PDP No. 27 Tahun 2022) and GDPR, with a proven track record of regulatory compliance implementation across large or complex organizations.
- Strong capability to lead, design, and authorize enterprise privacy programs including DPIAs, RoPAs, privacy risk assessments, and incident response frameworks.
- Proven ability to synergize with and advise at Board and C-Suite level, translating complex privacy and regulatory requirements into strategic business guidance.
- In-depth knowledge of international privacy and security standards and frameworks including ISO 27701, ISO 27001, NIST Privacy Framework, NIST CSF, COBIT, and PCI-DSS.
- Experience in negotiating data processing agreements, cross-border transfer mechanisms, and regulatory submissions with government authorities and regulators.
- Broad understanding of cybersecurity domains including Cyber Strategy, Security Architecture, Cloud Security, DevSecOps, OT/ICS Security, and Emerging Technology Risks (AI, IoT, Mobile, Cloud).
- Strong knowledge of IT Audit, IT Risk Management, IT Governance, Enterprise Architecture, Business Continuity Management (ISO 22301), and Digital Transformation.
- Excellent executive communication, stakeholder management, and cross-functional leadership skills, with the ability to influence and drive change at all organizational levels.
- Demonstrated experience in acting as an Independent or External Advisor to Boards, Audit Committees, or regulatory bodies is a strong advantage.
- Professional certifications required: one or more of CIPP/E, CIPM, FIP, CDPO, or equivalent privacy credentials. Additional preferred certifications include CISM, CISSP, ISO 27001 LA, ISO 27701 LA, ISO 22301 LA, GRCP, GRCA, CCSK, or OT Privacy Expert.
- Private Health Insurance
- Pension Plan
- Training & Development
- Performance Bonus