As a Data Security Governance Specialist, you will drive a high standard for data security governance risk management and collaborate across the organization to ensure compliance with data security policy standards through effective policies, processes, and practices.
As part of the regional Security Governance Risk & Compliance team, you will ensure data security requirements are effectively communicated to business, product, and tech teams, and drive initiatives to raise awareness around key data security risks and compliance.This role has a dual reporting line to the Head of Security Governance, Risk & Compliance, and the Head of Risk.Responsibilities:Define, update, and manage appropriate Lazada-EU contextual policies and processes in coordination with different business functions to protect customer information and business-critical data.Develop a process and procedure for ensuring policies are consistently applied across Lazada EU and monitor adherence to the defined governance principles to ensure expected value is delivered.Articulate data policies and risk-driven priorities to stakeholders and leaders, working with teams to drive plans for adherence to policy.Investigate the performance of Lazada or the Lazada data processor, including the employees or service providers, with respect to the collection, use, or disclosure of personal data for compliance with GDPR.Coordinate with legal & compliance in circumstances where there are problems with respect to the collection, use, or disclosure of personal data undertaken by the data controller or the data processor.Develop and enhance relationships with business and IT stakeholders to understand data security requirements, manage expectations, and monitor compliance levels.Work with tech and business functions to automate processes and compliance checks and participate in external audits.Conduct security awareness education for Lazada EU employees on data security & protection.Participate in internal & external audits to demonstrate compliance with security policies and measures to GDPR.Minimum Requirements:Degree in Computer Science/Engineering or equivalent with at least 8 years of experience in data protection control implementation as per GDPR requirements.Skilled at defining policies, processes, and procedures with a proven ability to execute.Relevant certification (CISM, CISA, CIPP, CIPM, CIPT, CISSP, etc.)
desirable.Relevant experience in internet companies desirable.Able to work in a cross-cultural environment.Strong customer-first mindset.Comfortable communicating and interfacing with external stakeholders, including regulators.Excellent written and verbal communication.Able to code (SQL or similar programming languages) to extract and analyze large data sets is preferred.Ability to manage ambiguity and thrive in a fast-paced working environment.#J-18808-Ljbffr