23 Data Privacy jobs in Hong Kong

Application Deadline:
27 October 2025

Department:
Technology-CDSIO

Location:
Hong Kong (SAR)

Description
About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it's all up for us to define together.

Why Mox
Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can't be fun?

Who are we looking for?
We are seeking an experienced Cards Product Owner to lead the development and delivery of our card products, ensuring they meet customer needs and maintain a market-leading position. You will drive the product roadmap, manage the product backlog, and collaborate with cross-functional teams, payment schemes, and vendors to deliver innovative card payment solutions. This role requires strong leadership, deep expertise in card payments, and a passion for agile methodologies.

Responsibilities

• Develop and Implement Privacy Program: Design, develop, and implement a comprehensive privacy program that aligns with Mox's risk management framework and complies with relevant data protection regulations, such as PDPO, PIPL, GDPR
• Conduct Privacy Impact Assessments (PIAs): Conduct PIAs to identify and mitigate potential privacy risks associated with new and existing products, services, and processes.
• Data Inventory: Maintain an up-to-date inventory of personal data
• Privacy Policies and Procedures: Develop, review, and update privacy policies and procedures to ensure they are current, effective, and compliant with regulatory requirements and accommodate business needs.
• Data Subject request: provide response to the data access and correction request
• Training and Awareness: Provide training and awareness programs for employees on privacy best practices, data protection regulations, and the organization's privacy policies and procedures.
• Incident Management: Develop and implement procedures for responding to data breaches and other privacy incidents, including notification to relevant authorities and affected individuals.
• Vendor management: Assist third-party vendor risk management program to ensure compliance with data protection regulations and organizational privacy policies, through vendor risk assessments, due diligence, contract review, and ongoing monitoring.
• Regulatory Compliance: Monitor and ensure compliance with relevant data protection regulations, including responding to regulatory inquiries and audits.
• Stakeholder Collaboration: Collaborate with various stakeholders, including IT, Risk, Compliance, Legal and Business teams to ensure privacy is integrated into business processes and operations.
• Continuous Monitoring and Improvement: Continuously monitor the privacy program's effectiveness and identify areas for improvement, implementing changes as necessary.

Requirements

• 5+ years of experience in a privacy or data protection role, preferably in a fintech or banking environment.
• Strong knowledge of data protection regulations, such as PDPO, GDPR, PIPL.
• Experience in developing and drafting privacy & data related governance documents
• Experience in developing and implementing a privacy program, conducting PIA, handling data incident, managing data subject access and correction request.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with various stakeholders across the organization
• Provide advisory and consultation to assist stakeholders to navigate the regulatory compliance during daily operation, product design, third party vendor onboarding, customer enquiries, etc.
• Act as Subject Matter Expert for the first line of defense
• Strong attention to detail and organizational skills.
• Professional education & certification in data protection or privacy, such as law, CISA, CISSP, CIPP, CIPM, CIPT.
• Experience with data inventory.
• Experience & knowledge on fintech and banking operations.

All personal data provided by applicants will be used for recruitment and other employment-related purposes only. Personal data of unsuccessful applicants will be erased within 24 months of rejection of the applicant's application.

The Data Privacy Manager will report to Data Privacy Officer, to will collaborate with project/ operation/ client teams and first/ second/ third lines of defence to ensure all applicable regulatory requirements (e.g., from data protection laws) are fulfilled, the data governance and management framework is complied, and adequate and effective data privacy controls are in place. S/he will review and refine (if required) strategy, policies (including frameworks, guidelines and/or guiding principles) and procedures, data management, tools and organization for data governance and management. In particular, s/he will assess and strengthen (if needed) data privacy controls when reviewing the procedures. S/he will also promote data privacy awareness by designing and delivering the relevant training to data stakeholders.

The position resides within the Risk and Compliance team, with accountability and responsibility focused on data privacy. The successful candidate will collaborate with other team members with domain expertise on data security, compliance, and operation.

Your role

• Review the data governance and management framework and update it as required
• Design, oversee and improve privacy management programme controls
• Review processes/ procedures, ensure the data governance and management framework is followed, and assess adequacy of data privacy controls
• Conduct sample checking on data privacy controls to ensure they are effective
• Recommend how to strengthen data privacy controls
• Conduct review of the data privacy related documents
• Perform data classifications based on data definitions in data dictionaries
• Review business justifications for data retention periods, and ensure data housekeeping is in place
• Conduct data privacy risk assessment and propose mitigations
• Perform privacy impact assessment on change requests and implement the required changes (e.g., whether the privacy policy and/or the personal information collection statement require changes)
• Support reporting and management of data privacy incidents, by preparing data breach incident report and drafting data breach notification form
• Incorporate lessons learned from data breach incident to enhance data privacy controls
• Collaborate with auditors to complete privacy impact assessment and privacy compliance audit, and ensure the findings and recommendations are implemented
• Assist in Privacy Commissioner's investigation and/or inspection (if applicable), and ensure the findings/ recommendations/ enforcement notice are implemented
• Review and follow up complaint/ reporting of infringement of personal data privacy rights (if any)
• Keep up to date on applicable regulatory requirements, assess and implement all changes needed for fulfilling the requirements
• Support development teams to design and implement data governance tools (e.g., master data management tool for data lineage and data quality)
• Propose agenda, prepare meeting materials, conduct meetings to engage data stakeholders, and follow up action items
• Design training plan, develop training materials, and deliver training to data stakeholders; and improve data privacy training based on the feedback from data stakeholders

To succeed in this role

• University degree holder or above, with a minimum of 5-8 years' hands-on first line experience in data privacy-related domains/ fields
• Proven track record in designing, operating, maintaining and optimizing the data governance and management framework and data privacy controls
• Working knowledge and exposure in applicable regulatory requirements (e.g., PDPO and GDPR) is a must
• Project management skills are a plus
• Strong analytical and problem-solving skills, team-player attitude, well-organised, attention to details, and able to work independently under pressure
• Ability to manage different data stakeholders
• Excellent writing (in English), communication and presentation skills
• Proficiency in MS applications (e.g., Word, PowerPoint and Excel)

The Data Privacy Manager will report to Data Privacy Officer, to will collaborate with project/ operation/ client teams and first/ second/ third lines of defence to ensure all applicable regulatory requirements (e.g., from data protection laws) are fulfilled, the data governance and management framework is complied, and adequate and effective data privacy controls are in place. S/he will review and refine (if required) strategy, policies (including frameworks, guidelines and/or guiding principles) and procedures, data management, tools and organization for data governance and management. In particular, s/he will assess and strengthen (if needed) data privacy controls when reviewing the procedures. S/he will also promote data privacy awareness by designing and delivering the relevant training to data stakeholders.

The position resides within the Risk and Compliance team, with accountability and responsibility focused on data privacy. The successful candidate will collaborate with other team members with domain expertise on data security, compliance, and operation.

Your role

• Review the data governance and management framework and update it as required
• Design, oversee and improve privacy management programme controls
• Review processes/ procedures, ensure the data governance and management framework is followed, and assess adequacy of data privacy controls
• Conduct sample checking on data privacy controls to ensure they are effective
• Recommend how to strengthen data privacy controls
• Conduct review of the data privacy related documents
• Perform data classifications based on data definitions in data dictionaries
• Review business justifications for data retention periods, and ensure data housekeeping is in place
• Conduct data privacy risk assessment and propose mitigations
• Perform privacy impact assessment on change requests and implement the required changes (e.g., whether the privacy policy and/or the personal information collection statement require changes)
• Support reporting and management of data privacy incidents, by preparing data breach incident report and drafting data breach notification form
• Incorporate lessons learned from data breach incident to enhance data privacy controls
• Collaborate with auditors to complete privacy impact assessment and privacy compliance audit, and ensure the findings and recommendations are implemented
• Assist in Privacy Commissioner's investigation and/or inspection (if applicable), and ensure the findings/ recommendations/ enforcement notice are implemented
• Review and follow up complaint/ reporting of infringement of personal data privacy rights (if any)
• Keep up to date on applicable regulatory requirements, assess and implement all changes needed for fulfilling the requirements
• Support development teams to design and implement data governance tools (e.g., master data management tool for data lineage and data quality)
• Propose agenda, prepare meeting materials, conduct meetings to engage data stakeholders, and follow up action items
• Design training plan, develop training materials, and deliver training to data stakeholders; and improve data privacy training based on the feedback from data stakeholders

To succeed in this role

• University degree holder or above, with a minimum of 5 years' hands-on first line experience in data privacy-related domains/ fields
• Proven track record in designing, operating, maintaining and optimizing the data governance and management framework and data privacy controls
• Working knowledge and exposure in applicable regulatory requirements (e.g., PDPO and GDPR) is a must
• Strong analytical and problem-solving skills, team-player attitude, well-organised, attention to details, and able to work independently under pressure
• Ability to manage different data stakeholders
• Excellent writing (in English), communication and presentation skills
• Proficiency in MS applications (e.g., Word, PowerPoint and Excel)

A reputable technology company is looking to strengthen their risk and compliance function by recruiting a Data Privacy Manager / Senior Analyst. This role will play a critical part in ensuring the organisation's adherence to data privacy regulations and governance frameworks.

The successful candidate will collaborate closely with project, operations, client teams, and various lines of defence to maintain and improve privacy controls, conduct risk assessments, and manage compliance audits. They will also lead initiatives to promote data privacy awareness through training and stakeholder engagement.

Candidates should have experience and skills in the following areas:

• Proven track record in designing, operating, and optimising data governance frameworks and privacy controls
• Strong understanding and working knowledge of data privacy regulations such as PDPO and GDPR is a plus
• Ability to conduct privacy impact and data privacy risk assessments effectively
• Experience supporting data breach incident management and compliance investigations
• Excellent communication, presentation, and report-writing skills in English
• Ability to manage multiple data stakeholders and work independently under pressure
• Proficiency in Microsoft Office applications, particularly Word, Excel, and PowerPoint
• Minimum, 5-8 years of hands-on experience in data privacy-related roles, preferably within regulated environments

This is an excellent opportunity for candidates looking to make a significant impact in data privacy and governance, working collaboratively across teams while reporting to senior compliance leadership.

Feel free to reach out to me at OR

1 day ago Be among the first 25 applicants

About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 27 October 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Why Mox
Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can’t be fun?

• Develop and Implement Privacy Program: Design, develop, and implement a comprehensive privacy program that aligns with Mox’s risk management framework and complies with relevant data protection regulations, such as PDPO, PIPL, GDPR
• Conduct Privacy Impact Assessments (PIAs): Conduct PIAs to identify and mitigate potential privacy risks associated with new and existing products, services, and processes.
• Data Inventory: Maintain an up-to-date inventory of personal data
• Privacy Policies and Procedures: Develop, review, and update privacy policies and procedures to ensure they are current, effective, and compliant with regulatory requirements and accommodate business needs.
• Data Subject requests: provide response to the data access and correction request
• Training and Awareness: Provide training and awareness programs for employees on privacy best practices, data protection regulations, and the organization’s privacy policies and procedures.
• Incident Management: Develop and implement procedures for responding to data breaches and other privacy incidents, including notification to relevant authorities and affected individuals.
• Vendor management: Assist third-party vendor risk management program to ensure compliance with data protection regulations and organizational privacy policies, through vendor risk assessments, due diligence, contract review, and ongoing monitoring.
• Regulatory Compliance: Monitor and ensure compliance with relevant data protection regulations, including responding to regulatory inquiries and audits.
• Stakeholder Collaboration: Collaborate with various stakeholders, including IT, Risk, Compliance, Legal and Business teams to ensure privacy is integrated into business processes and operations.
• Continuous Monitoring and Improvement: Continuously monitor the privacy program’s effectiveness and identify areas for improvement, implementing changes as necessary.

• 5+ years of experience in a privacy or data protection role, preferably in a fintech or banking environment.
• Strong knowledge of data protection regulations, such as PDPO, GDPR, PIPL.
• Experience in developing and drafting privacy & data related governance documents
• Experience in developing and implementing a privacy program, conducting PIA, handling data incident, managing data subject access and correction request.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with various stakeholders across the organization
• Provide advisory and consultation to assist stakeholders to navigate the regulatory compliance during daily operation, product design, third party vendor onboarding, customer enquiries, etc.
• Act as Subject Matter Expert for the first line of defense
• Strong attention to detail and organizational skills.
• Professional education & certification in data protection or privacy, such as law, CISA, CISSP, CIPP, CIPM, CIPT.
• Experience with data inventory.
• Experience & knowledge on fintech and banking operations.

All personal data provided by applicants will be used for recruitment and other employment-related purposes only. Personal data of unsuccessful applicants will be erased within 24 months of rejection of the applicant’s application.

Who we are is what we do.

Deel is the all-in-one payroll and HR platform for global teams. Our vision is to unlock global opportunity for every person, team, and business. Built for the way the world works today, Deel combines HRIS, payroll, compliance, benefits, performance, and equipment management into one seamless platform. With AI-powered tools and a fully owned payroll infrastructure, Deel supports every worker type in 150+ countries—helping businesses scale smarter, faster, and more compliantly.

Among the largest globally distributed companies in the world, our team of 6,000 spans more than 100 countries, speaks 74 languages, and brings a connected and dynamic culture that drives continuous learning and innovation for our customers.

Why should you be part of our success story?

As the fastest-growing Software as a Service (SaaS) company in history, Deel is transforming how global talent connects with world-class companies – breaking down borders that have traditionally limited both hiring and career opportunities. We're not just building software; we're creating the infrastructure for the future of work, enabling a more diverse and inclusive global economy. In 2024 alone, we paid $11.2 billion to workers in nearly 100 currencies and provided healthcare and benefits to workers in 109 countries—ensuring people get paid and protected, no matter where they are.

Our momentum is reflected in our achievements and customer satisfaction: CNBC Disruptor 50,  Forbes Cloud 100, Deloitte Fast 500, and repeated recognition on Y Combinator's top companies list – all while maintaining a 4.83 average rating from 15,000 reviews across G2, Trustpilot, Captera, Apple and Google.

Your experience at Deel will be a career accelerator. At the forefront of the global work revolution, you'll tackle complex challenges that impact millions of people's working lives. With our momentum—backed by a $2 billion valuation and 1 B in Annual Recurring Revenue (ARR) in just over five years—you'll drive meaningful impact while building expertise that makes you a sought-after leader in the transformation of global work.

Responsibilities

• Collaborate with the Deel Compliance Team to help execute activities for implementation, administration and communication of data privacy and compliance across the company
• Assists with the development and maintenance of the Deel compliance framework across the infrastructure for the collection, storage, use, distribution and disposal of customer and employee data
• Works cross-functionally with stakeholders in products and services, marketing and business development, vendor management and other businesses as applicable to ensure effective processes and compliance
• Applies privacy and regulatory requirements on an operational level, monitors internal controls, audits, overseas assessment and mitigation of current program risks and directs program training and awareness
• Tests and implements Privacy by Design and Default requirements to Deel products.
• Investigates and responds to data privacy inquiries and incidents

Desired skills and competencies

• A keen interest in privacy laws and regulations
• Interest in Privacy by Design and Default; technical knowledge is very advantageous
• University degree
• Excellent verbal and written communication skills
• Ability to multi-task and work in a fast-paced team setting
• Fluency in English

Total Rewards

Our workforce deserves fair and competitive pay that meets them where they are. With scalable benefits, rewards, and perks, our total rewards programs reflect our commitment to inclusivity and access for all.

Some things you'll enjoy

• Stock grant opportunities dependent on your role, employment status and location
• Additional perks and benefits based on your employment status and country
• The flexibility of remote work, including optional WeWork access

At Deel, we're an equal-opportunity employer that values diversity and positively encourage applications from suitably qualified and eligible candidates regardless of  race, religion, sex, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, pregnancy or maternity or other applicable legally protected characteristics.

Unless otherwise agreed, we will communicate with job applicants using Deel-specific emails, which include and other acquired company emails like and You can view the most up-to-date job listings at Deel by visitingour careers page.

Deel is an equal-opportunity employer and is committed to cultivating a diverse and inclusive workplace that reflects different abilities, backgrounds, beliefs, experiences, identities and perspectives.

Deel will provide accommodation on request throughout the recruitment, selection and assessment process for applicants with disabilities. If you require accommodation, please inform our Talent Acquisition Team at of the nature of the accommodation that you may require, to ensure your equal participation.

We use Covey as part of our hiring and/or promotional processes. As part of the evaluation process, we provide Covey with job requirements and candidate-submitted applications. Certain features of the platform may qualify it as an Automated Employment Decision Tool (AEDT) under applicable regulations. For positions in New York City, our use of Covey complies with NYC Local Law 144.

We began using Covey Scout for Inbound on March 30, 2025.

For more information about our data protection practices, please visit our Privacy Policy. You can review the independent bias audit report covering our use of Covey here:

Apply for this Job

【Job Description】

1. Responsible for the data subject rights request fulfilment, data breach incident handling and reporting, third party vendor assessment and review of contract terms on data and privacy.

2. Maintain data protection and privacy related policies, guidelines, standards; lead the privacy risk assessments; and drive data protection initiatives to mitigate privacy risks.

3. Act as a subject matter expert, provide advice to all related internal stakeholders on data protection and privacy, help them understand the risks associated and solve their problems.

4. Lead the privacy related audit or certificate programmes, including DPTM, CBPR, EU COC, etc.

5. Build and maintain strong relationships with internal and external stakeholders, in particular with business teams, to work on projects related to compliance with data protection and privacy laws.

6. Manage tools/systems to assist internal data protection and privacy related processes.

7. Develop and deliver data protection and privacy trainings to internal teams.

8. Keep abreast of new laws and regulations, as well as technology trends, assess impacts and risks and report to management and leadership.

【Qualification】

1. Minimum of 3 years of experience in data protection and privacy compliance.

2. Expert knowledge and experience of Data Protection and Privacy Laws in APAC, Middle East, US and the EU/UK.

3. Relevant privacy qualification (e.g. CIPP/A, CIPP/E, etc.) is a plus.

4. Bachelor degree minimum, preferably with technology background.

5. Strong project management skills, and able to work independently with minimum supervision.

6. Proven and strong capability to communicate privacy and risk-related concepts effectively to the business at all levels, and able to make judgement calls independently.

7. Ability to act with integrity and maintain an ethical mindset.

8. Can use English and Chinese languages in professional settings, and any other languages would be a plus.

9. Can work in a fast-paced environment, and perform well under pressure and strict timeline.

Join to apply for the Manager/Associate Director, Data Privacy and Protection, Technology Consulting role at KPMG China

1 year ago Be among the first 25 applicants

Join to apply for the Manager/Associate Director, Data Privacy and Protection, Technology Consulting role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.

Service Line Overview

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.

We are now seeking Manager and Associate Director candidates for Data Privacy and Protection Team.

Key Responsibilities

• Lead the team to assess risks, identify gaps and provide advice on data protection and privacy for our client
• Evaluate data privacy and data protection practices of our clients
• Develop and manage relationships, and meet with relevant data protection and privacy, and security stakeholders within our clients
• Conduct Privacy Impact Assessments
• Deploy processes to manage privacy matters and stay compliant with relevant regulations
• Collaborate data governance engagements across the full set of capabilities at KPMG, including data strategy, data privacy governance and policy, privacy by design, personal data protection, personal data lifecycle management, third party management, compliance and risk management
• Identify and communicate engagement findings to management and client personnel
• Simultaneously work on multiple client engagements of varying size, scope and complexity
• Collaborate in advising the team to conduct research focused on identifying emerging technology solutions that reduce costs, increase efficiencies, provide more value, provide more capabilities, reduce risks, and increase data protection
• Communicate best practices by giving presentations, working with project teams, and authoring content aimed at educating others about standards, strategies, and otherwise defined best practices
• Lead a team to work individually and collaboratively with team members to ensure breadth and granularity of strategies, standards and reference architectures for consistency and integration
• Drive preparation of proposals and put together solutions, supporting literature, diagrams, write-up, responses, etc
  
  
  

• Bachelor/Master degree from an accredited college / university in Computer Science, Law & compliance or other related field
• Technology related qualification holder on Privacy and data protection certifications will be preferrable (e.g. CIPP, CIPM, CIPT, CDPSE)
• Minimum of 5 years’ experience in data privacy and data protection, ideally within a professional services environment or internal consultancy function delivering privacy related services
• Profound knowledge of data protection regulations, especially Hong Kong’s PDPO, European’s GDPR and China’s Personal Data Protection Law
• Understanding of data privacy, confidentiality and data protection from a process and risk perspective
• Experience and knowledge in performing privacy impact assessments, privacy compliance assessments, design of data privacy policies and guidelines, personal data flow mapping and analysis, implementation of privacy training and awareness programs and advising on privacy by design
• Experience with usage or implementation of privacy tools preferred
• Appetite to develop your privacy skills further
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
• Strong client services orientation and accustomed to taking an active role in executing client engagements
• Candidate with less experience will be considered as Manager
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Wan Chai District, Hong Kong SAR 1 month ago

Islands District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager/Associate Director, Data Privacy and Protection, Technology Consulting role at KPMG China

1 year ago Be among the first 25 applicants

Join to apply for the Manager/Associate Director, Data Privacy and Protection, Technology Consulting role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
We are now seeking Manager and Associate Director candidates for Data Privacy and Protection Team.
Key Responsibilities

• Lead the team to assess risks, identify gaps and provide advice on data protection and privacy for our client
• Evaluate data privacy and data protection practices of our clients
• Develop and manage relationships, and meet with relevant data protection and privacy, and security stakeholders within our clients
• Conduct Privacy Impact Assessments
• Deploy processes to manage privacy matters and stay compliant with relevant regulations
• Collaborate data governance engagements across the full set of capabilities at KPMG, including data strategy, data privacy governance and policy, privacy by design, personal data protection, personal data lifecycle management, third party management, compliance and risk management
• Identify and communicate engagement findings to management and client personnel
• Simultaneously work on multiple client engagements of varying size, scope and complexity
• Collaborate in advising the team to conduct research focused on identifying emerging technology solutions that reduce costs, increase efficiencies, provide more value, provide more capabilities, reduce risks, and increase data protection
• Communicate best practices by giving presentations, working with project teams, and authoring content aimed at educating others about standards, strategies, and otherwise defined best practices
• Lead a team to work individually and collaboratively with team members to ensure breadth and granularity of strategies, standards and reference architectures for consistency and integration
• Drive preparation of proposals and put together solutions, supporting literature, diagrams, write-up, responses, etc
  

• Bachelor/Master degree from an accredited college / university in Computer Science, Law & compliance or other related field
• Technology related qualification holder on Privacy and data protection certifications will be preferrable (e.g. CIPP, CIPM, CIPT, CDPSE)
• Minimum of 5 years’ experience in data privacy and data protection, ideally within a professional services environment or internal consultancy function delivering privacy related services
• Profound knowledge of data protection regulations, especially Hong Kong’s PDPO, European’s GDPR and China’s Personal Data Protection Law
• Understanding of data privacy, confidentiality and data protection from a process and risk perspective
• Experience and knowledge in performing privacy impact assessments, privacy compliance assessments, design of data privacy policies and guidelines, personal data flow mapping and analysis, implementation of privacy training and awareness programs and advising on privacy by design
• Experience with usage or implementation of privacy tools preferred
• Appetite to develop your privacy skills further
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
• Strong client services orientation and accustomed to taking an active role in executing client engagements
• Candidate with less experience will be considered as Manager
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Wan Chai District, Hong Kong SAR 1 month ago

Islands District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.