# Data Protection Officer

**Company:** [Techconnect.id](http://jobs.workable.com/companies/3mXoFYHTjf5r9Sf8Rb6SJs.md)
**Location:** Jakarta, Indonesia
**Workplace:** On-site
**Employment type:** Full-time

[Apply for this job](http://jobs.workable.com/view/005e3eba-86c6-48e3-b824-b6d3917ca464)

## Description

-   Lead the enterprise-wide data protection strategy, ensuring full compliance with UU PDP, GDPR, ISO 27701, and all applicable national and international privacy regulations.
-   Authorize data protection policies, privacy frameworks, data processing agreements, and binding corporate rules across all business entities and subsidiaries.
-   Strategize and oversee the implementation of Privacy by Design and Privacy by Default principles across all new products, systems, processes, and digital transformation initiatives.
-   Synergize with C-Suite, Board of Directors, Legal, IT, Compliance, and Business Units to embed privacy governance into organizational culture and decision-making.
-   Lead and manage Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPAs), and privacy risk assessments across the organization.
-   Negotiate and authorize data sharing agreements, data processing agreements (DPAs), and cross-border data transfer mechanisms with third parties and regulatory bodies.
-   Strategize and lead the organization’s response to data subject rights requests (access, erasure, portability, objection) and personal data breach incidents, including regulatory notifications.
-   Lead engagement with regulators, including the National Data Protection Authority (Kominfo/BSSN), and serve as the primary point of contact for all regulatory inquiries and audits.
-   Authorize and oversee privacy training programs, awareness campaigns, and capability uplift initiatives for all staff levels, including senior leadership.
-   Synergize with the Cybersecurity and IT GRC functions to ensure alignment of information security controls with privacy obligations, including ISMS (ISO 27001) and PIMS (ISO 27701) programs.
-   Lead the development and continuous improvement of the organization’s privacy maturity model, benchmarking against global best practices and frameworks.
-   Strategize on emerging technology risks related to AI, Cloud, IoT, and Mobile, ensuring privacy considerations are proactively addressed across the technology landscape.
-   Lead the development and operationalization of a Data Security Framework covering data classification, Data Loss Prevention (DLP), encryption standards, and access governance in coordination with the CISO and Cybersecurity function.
-   Oversee and authorize cybersecurity-related privacy risk assessments including third-party vendor security reviews, cloud security assessments, and technology due diligence for data-intensive systems and digital platforms.
-   Lead coordination with the Security Operations Center (SOC) and CSIRT on personal data breach detection, containment, and regulatory notification procedures under UU PDP and applicable sectoral regulations (including BSSN directives).

## Requirements

-   Bachelor’s degree in Law, Information Technology, Computer Science, Cybersecurity, or a related field; Master’s degree or postgraduate qualification in Data Privacy, Information Security, or Law is highly preferred.
-   Minimum 10 years of progressive experience in Data Privacy, Cybersecurity, IT GRC, or a related discipline, with at least 2 years in a senior DPO, privacy advisory, or data governance leadership role.
-   Demonstrated expertise in Indonesian Personal Data Protection Law (UU PDP No. 27 Tahun 2022) and GDPR, with a proven track record of regulatory compliance implementation across large or complex organizations.
-   Strong capability to lead, design, and authorize enterprise privacy programs including DPIAs, RoPAs, privacy risk assessments, and incident response frameworks.
-   Proven ability to synergize with and advise at Board and C-Suite level, translating complex privacy and regulatory requirements into strategic business guidance.
-   In-depth knowledge of international privacy and security standards and frameworks including ISO 27701, ISO 27001, NIST Privacy Framework, NIST CSF, COBIT, and PCI-DSS.
-   Experience in negotiating data processing agreements, cross-border transfer mechanisms, and regulatory submissions with government authorities and regulators.
-   Broad understanding of cybersecurity domains including Cyber Strategy, Security Architecture, Cloud Security, DevSecOps, OT/ICS Security, and Emerging Technology Risks (AI, IoT, Mobile, Cloud).
-   Strong knowledge of IT Audit, IT Risk Management, IT Governance, Enterprise Architecture, Business Continuity Management (ISO 22301), and Digital Transformation.
-   Excellent executive communication, stakeholder management, and cross-functional leadership skills, with the ability to influence and drive change at all organizational levels.
-   Demonstrated experience in acting as an Independent or External Advisor to Boards, Audit Committees, or regulatory bodies is a strong advantage.
-   Professional certifications required: one or more of CIPP/E, CIPM, FIP, CDPO, or equivalent privacy credentials. Additional preferred certifications include CISM, CISSP, ISO 27001 LA, ISO 27701 LA, ISO 22301 LA, GRCP, GRCA, CCSK, or OT Privacy Expert.

## Benefits

-   Private Health Insurance
-   Pension Plan
-   Training & Development
-   Performance Bonus
