What Jobs are available for Data Privacy in Hong Kong?

Responsibilities:

• Develop and Implement Privacy Program: Design, develop, and implement a comprehensive privacy program that aligns with Mox's risk management framework and complies with relevant data protection regulations, such as PDPO, PIPL, GDPR
• Conduct Privacy Impact Assessments (PIAs): Conduct PIAs to identify and mitigate potential privacy risks associated with new and existing products, services, and processes.
• Data Inventory: Maintain an up-to-date inventory of personal data
• Privacy Policies and Procedures: Develop, review, and update privacy policies and procedures to ensure they are current, effective, and compliant with regulatory requirements and accommodate business needs.
• Data Subject request: provide response to the data access and correction request
• Training and Awareness: Provide training and awareness programs for employees on privacy best practices, data protection regulations, and the organization's privacy policies and procedures.
• Incident Management: Develop and implement procedures for responding to data breaches and other privacy incidents, including notification to relevant authorities and affected individuals.
• Vendor management: Assist third-party vendor risk management program to ensure compliance with data protection regulations and organizational privacy policies, through vendor risk assessments, due diligence, contract review, and ongoing monitoring.
• Regulatory Compliance: Monitor and ensure compliance with relevant data protection regulations, including responding to regulatory inquiries and audits.
• Stakeholder Collaboration: Collaborate with various stakeholders, including IT, Risk, Compliance, Legal and Business teams to ensure privacy is integrated into business processes and operations.
• Continuous Monitoring and Improvement: Continuously monitor the privacy program's effectiveness and identify areas for improvement, implementing changes as necessary.

Requirements:

• 5+ years of experience in a privacy or data protection role, preferably in a fintech or banking environment.
• Strong knowledge of data protection regulations, such as PDPO, GDPR, PIPL.
• Experience in developing and drafting privacy & data related governance documents
• Experience in developing and implementing a privacy program, conducting PIA, handling data incident, managing data subject access and correction request.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with various stakeholders across the organization
• Provide advisory and consultation to assist stakeholders to navigate the regulatory compliance during daily operation, product design, third party vendor onboarding, customer enquiries, etc.
• Act as Subject Matter Expert for the first line of defense
• Strong attention to detail and organizational skills.
• Professional education & certification in data protection or privacy, such as law, CISA, CISSP, CIPP, CIPM, CIPT.
• Experience with data inventory.
• Experience & knowledge on fintech and banking operations.

The Data Privacy Manager reports to the Data Privacy Officer and leads first-line privacy assurance across projects, operations, clients, and the three lines of defence. This role owns the data governance and privacy control environment, ensuring compliance with applicable data protection laws and internal policies, refining strategy and procedures, and delivering privacy training to data stakeholders. Candidates with less experience will be considered for the Data Privacy Specialist title.

Key responsibilities

• Governance & policy
  : Review, update and maintain the data governance and management framework, policies, guidelines and assessment reports to meet regulatory and business requirements.
• Privacy programme & controls
  : Design, implement, monitor and continuously improve the privacy management programme and related controls, including control validation, sample testing, documentation of findings and remediation recommendations.
• Risk & impact assessments
  : Conduct privacy risk assessments and privacy impact assessments for projects, changes and third parties; define, track and validate mitigations.
• Data lifecycle & classification
  : Classify data per the data dictionary, validate retention justifications, and ensure retention, housekeeping and data-quality practices are enforced.
• Incidents, audits & regulatory response
  : Lead breach response activities and reporting, incorporate lessons learned into controls, coordinate privacy audits with auditors, and support regulatory inquiries or inspections and remediation.
• Stakeholder enablement & tooling
  : Engage stakeholders through meetings and materials, deliver and improve privacy training, and partner with development teams to specify requirements for data governance tooling (data lineage, MDM, quality).

Required qualifications and skills

• 5–8 years of hands-on, first-line experience in data privacy, data governance, or related compliance roles; less-experienced candidates considered for Data Privacy Specialist.
• Demonstrable experience designing, operating, maintaining, and optimising data governance frameworks and privacy controls.
• Practical knowledge of relevant data protection laws and regulations such as PDPO and GDPR.
• Proven ability to manage and influence multiple data stakeholders across business, operations, and technology.
• Excellent written and verbal communication and presentation skills in English.
• Project management experience is a plus.

Job Description: Data Privacy Assistant

Location: HK

Salary Range:22k-28k HKD

Department: Cyber Security Department

Reports to: Cyber Security & Data Privacy Manager  

1. Position Overview

Your responsibilities will include:

Assisting in the completion of Data Protection Impact Assessments (DPIAs) and facilitating the implementation of required improvements;

1. Supporting the integration of GDPR principles, data protection controls, and ISO/IEC 27001 requirements;

2. Collaborating with external auditors to complete privacy compliance audits and tracking follow-up actions;

3. Monitoring regulatory updates in European jurisdictions and assisting in internal compliance alignment;

4. Participating in the design and delivery of data privacy training programs for employees and stakeholders;

5. Assisting in data collection and organization to ensure adherence to regulatory requirements;

6. Reviewing data privacy-related documents and business justifications for data retention periods;

7. Drafting data breach incident reports and regulatory notification letters;

8. Supporting the development and maintenance of data inventories.

2. Key Responsibilities

2.1 Compliance Monitoring & Policy Support

Assist in monitoring compliance with data protection regulations (e.g., GDPR, CCPA, PDPO);

Support the development, maintenance, and updates of internal data privacy policies and procedures.

2.2 Data Subject Request Handling

Help process and respond to data subject requests regarding personal information (e.g., access, correction, deletion).

2.3 Privacy Impact Assessments & Project Coordination

Support the implementation of Privacy Impact Assessments (PIAs/DPIAs) for new projects and data processing activities;

Assist in task planning, stakeholder coordination, and documentation of deliverables.

2.4 Training & Awareness

Contribute to the development and delivery of companywide data privacy training programs.

2.5 Incident Management & Audit Support

Assist the incident response team in managing data breaches and security incidents, including drafting reports;

Support internal and external privacy compliance audits and followup actions.

2.6 Data Governance & Documentation

Help maintain data inventories and ensure proper documentation for compliance purposes.

3. Qualifications

Essential Requirements:

Fresh graduates are welcome;

Excellent written and verbal communication skills in English;

Strong analytical, organizational, and detailoriented mindset;

Genuine interest in data privacy, risk management, and compliance within IoT/Cloud Services/SaaS domains.

Preferred Qualifications:

Knowledge of EU data regulations (e.g., GDPR, EU Data Act) is a plus;

Prior experience or background in software development/IT environments is advantageous.

Application Deadline:
27 October 2025

Department:
Technology-CDSIO

Location:
Hong Kong (SAR)

Description
About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it's all up for us to define together.

Why Mox
Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can't be fun?

Who are we looking for?
We are seeking an experienced Cards Product Owner to lead the development and delivery of our card products, ensuring they meet customer needs and maintain a market-leading position. You will drive the product roadmap, manage the product backlog, and collaborate with cross-functional teams, payment schemes, and vendors to deliver innovative card payment solutions. This role requires strong leadership, deep expertise in card payments, and a passion for agile methodologies.

Responsibilities

• Develop and Implement Privacy Program: Design, develop, and implement a comprehensive privacy program that aligns with Mox's risk management framework and complies with relevant data protection regulations, such as PDPO, PIPL, GDPR
• Conduct Privacy Impact Assessments (PIAs): Conduct PIAs to identify and mitigate potential privacy risks associated with new and existing products, services, and processes.
• Data Inventory: Maintain an up-to-date inventory of personal data
• Privacy Policies and Procedures: Develop, review, and update privacy policies and procedures to ensure they are current, effective, and compliant with regulatory requirements and accommodate business needs.
• Data Subject request: provide response to the data access and correction request
• Training and Awareness: Provide training and awareness programs for employees on privacy best practices, data protection regulations, and the organization's privacy policies and procedures.
• Incident Management: Develop and implement procedures for responding to data breaches and other privacy incidents, including notification to relevant authorities and affected individuals.
• Vendor management: Assist third-party vendor risk management program to ensure compliance with data protection regulations and organizational privacy policies, through vendor risk assessments, due diligence, contract review, and ongoing monitoring.
• Regulatory Compliance: Monitor and ensure compliance with relevant data protection regulations, including responding to regulatory inquiries and audits.
• Stakeholder Collaboration: Collaborate with various stakeholders, including IT, Risk, Compliance, Legal and Business teams to ensure privacy is integrated into business processes and operations.
• Continuous Monitoring and Improvement: Continuously monitor the privacy program's effectiveness and identify areas for improvement, implementing changes as necessary.

Requirements

• 5+ years of experience in a privacy or data protection role, preferably in a fintech or banking environment.
• Strong knowledge of data protection regulations, such as PDPO, GDPR, PIPL.
• Experience in developing and drafting privacy & data related governance documents
• Experience in developing and implementing a privacy program, conducting PIA, handling data incident, managing data subject access and correction request.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively with various stakeholders across the organization
• Provide advisory and consultation to assist stakeholders to navigate the regulatory compliance during daily operation, product design, third party vendor onboarding, customer enquiries, etc.
• Act as Subject Matter Expert for the first line of defense
• Strong attention to detail and organizational skills.
• Professional education & certification in data protection or privacy, such as law, CISA, CISSP, CIPP, CIPM, CIPT.
• Experience with data inventory.
• Experience & knowledge on fintech and banking operations.

All personal data provided by applicants will be used for recruitment and other employment-related purposes only. Personal data of unsuccessful applicants will be erased within 24 months of rejection of the applicant's application.

A reputable technology company is looking to strengthen their risk and compliance function by recruiting a Data Privacy Manager / Senior Analyst. This role will play a critical part in ensuring the organisation's adherence to data privacy regulations and governance frameworks.

The successful candidate will collaborate closely with project, operations, client teams, and various lines of defence to maintain and improve privacy controls, conduct risk assessments, and manage compliance audits. They will also lead initiatives to promote data privacy awareness through training and stakeholder engagement.

Candidates should have experience and skills in the following areas:

• Proven track record in designing, operating, and optimising data governance frameworks and privacy controls
• Strong understanding and working knowledge of data privacy regulations such as PDPO and GDPR is a plus
• Ability to conduct privacy impact and data privacy risk assessments effectively
• Experience supporting data breach incident management and compliance investigations
• Excellent communication, presentation, and report-writing skills in English
• Ability to manage multiple data stakeholders and work independently under pressure
• Proficiency in Microsoft Office applications, particularly Word, Excel, and PowerPoint
• Minimum, 5-8 years of hands-on experience in data privacy-related roles, preferably within regulated environments

This is an excellent opportunity for candidates looking to make a significant impact in data privacy and governance, working collaboratively across teams while reporting to senior compliance leadership.

Feel free to reach out to me at OR

Location:

Hong Kong, Central and Western District

Team:

Compliance

Job Requisition #: R

Date posted: Oct. 09, 2025

About this role

BlackRock's Compliance team partners with business units to develop investment management products and business solutions that meet the complex regulatory requirements governing our global operations. The team is responsible for overseeing regulatory matters, advising on new and existing products, strategies, and investments, establishing compliance policies and programs, and delivering training and guidance across the firm.

We are seeking a highly motivated compliance professional to join our APAC Compliance team, supporting the Offshore Product Advisory, Sustainability, and Marketing Compliance functions. This cross-functional role offers a unique opportunity to contribute to strategic business and compliance initiatives across Hong Kong and other APAC markets, with a particular focus on UCITS products, ESG regulations, and marketing and selling practices. The successful candidate will serve as a key regulatory contact for UCITS-related matters, provide expert guidance on cross-border product initiatives, and play a pivotal role in advancing sustainability and transition-related compliance efforts. The role also supports APAC-wide marketing compliance initiatives and governance of digital and social media platforms.

Key Responsibilities:

• Provide compliance advisory support for UCITS products, including fund launches, repositioning, terminations, and ongoing maintenance across Hong Kong and APAC.
• Act as the primary liaison between APAC and EMEA Legal & Compliance teams on UCITS-related matters.
• Manage Hong Kong regulatory inquiries, filings, and surveys; partner with business teams to ensure product governance, including client onboarding, due diligence questionnaires, RFPs, and holdings disclosure compliance.
• Monitor and assess new regulatory developments; evaluate their impact on business activities and support implementation of regulatory change initiatives.
• Develop and deliver training materials and compliance guidance tailored to internal stakeholders.
• Review marketing materials to ensure alignment with internal standards and local regulatory requirements.
• Provide compliance advisory support for APAC digital and social media marketing initiatives.
• Monitor and assess ESG and AI-related regulatory developments across APAC.
• Review sustainability and transition-related content, including voting policies, stewardship reports, and ESG product disclosures.
• Support implementation of global ESG frameworks and provide compliance advisory support for technology initiatives.

Key Qualifications:

• Bachelor's degree in Business, Law, or a related discipline.
• Minimum of 3–5 years of compliance experience within the financial services sector, preferably in asset management, regulatory bodies, law firms, or audit practices.
• Familiarity with UCITS regulations and cross-border fund distribution frameworks is preferred.
• Solid understanding of the regulatory landscape in Hong Kong and/or other key APAC markets.
• Excellent verbal and written communication skills, with the ability to engage effectively across all levels of the organization and with external stakeholders.
• Detail-oriented with strong analytical and problem-solving skills; able to work independently and exercise sound judgment.
• Demonstrates adaptability and a proactive mindset, with a commitment to continuous learning in response to evolving business and regulatory environments.
• Exposure to ESG regulations, AI developments, and digital asset compliance is a plus.
• Proficiency in both spoken and written English and Chinese is required.

Our benefits

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Our hybrid work model

BlackRock's hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person – aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock.

About BlackRock

At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children's educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment – the one we make in our employees. It's why we're dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.

For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn:

BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Job Requisition #

R

Officer, Group Data Privacy Compliance (Welcome Fresh Graduate)

Our Group Risk Management and Compliance Department is looking for young talent to support the day-to-day Data Privacy Compliance-related matters for PCCW Group. If you are passionate about becoming a subject matter expert in Data Privacy Compliance, this position offers an opportunity to achieve your career aspirations.

Your role

• Support the Data Privacy Compliance team to maintain an effective data privacy protection framework for the Group
• Perform research for advisory support that relates to Data Privacy, including changes in the regulatory landscape, in respect of the group and affiliated companies
• Conduct periodical review and update of the Group's Data Privacy-related policies and guidelines
• Assist the team to complete related assessments with different Business Units, eg, Privacy Impact Assessments (PIAs), Data Processing Agreements, Vendor Risk Assessments, etc.
• Arrange training/ workshop to promote staff awareness of data privacy requirements and expectations across the group
• Track the status of different privacy initiatives with stakeholders
• Keep abreast of the latest trends, changes and developments of local and global privacy laws

To succeed in this role

• University graduate in any Law/ Legal Studies related disciplines
• Experience in data protection and privacy practices is a definite advantage
• Basic understanding of data protection-related laws and practices, e.g. PDPO, GDPR
• Passionate about developing a career in Data Privacy Compliance
• Self-motivated, agile, good analytical and communication skills
• Good command of both written and spoken English and Chinese
• Fresh graduates are welcome to apply

If you have the desire for an exciting and rewarding career, please apply by sending your resume immediately, quoting your present and expected salary by clicking "Apply Now" or email to
career-

For more information on other job opportunities of PCCW/HKT Corporate Functions, please visit our website. )

【Job Description】

1. Responsible for the data subject rights request fulfilment, data breach incident handling and reporting, third party vendor assessment and review of contract terms on data and privacy.

2. Maintain data protection and privacy related policies, guidelines, standards; lead the privacy risk assessments; and drive data protection initiatives to mitigate privacy risks.

3. Act as a subject matter expert, provide advice to all related internal stakeholders on data protection and privacy, help them understand the risks associated and solve their problems.

4. Lead the privacy related audit or certificate programmes, including DPTM, CBPR, EU COC, etc.

5. Build and maintain strong relationships with internal and external stakeholders, in particular with business teams, to work on projects related to compliance with data protection and privacy laws.

6. Manage tools/systems to assist internal data protection and privacy related processes.

7. Develop and deliver data protection and privacy trainings to internal teams.

8. Keep abreast of new laws and regulations, as well as technology trends, assess impacts and risks and report to management and leadership.

【Qualification】

1. 8 years or above experience in data protection and privacy compliance.

2. Expert knowledge and experience of Data Protection and Privacy Laws in APAC, Middle East, US and the EU/UK.

3. Relevant privacy qualification (e.g. CIPP/A, CIPP/E, etc.) is a plus.

4. Bachelor degree minimum, preferably with technology background.

5. Strong project management skills, and able to work independently with minimum supervision.

6. Proven and strong capability to communicate privacy and risk-related concepts effectively to the business at all levels, and able to make judgement calls independently.

7. Ability to act with integrity and maintain an ethical mindset.

8. Can use English and Chinese languages in professional settings, and any other languages would be a plus.

9. Can work in a fast-paced environment, and perform well under pressure and strict timeline.