IT Specialist (Governance, Risk, Compliance)
Responsibilities:
- Lead and complete the application and acquisition of the company's APEC CBPR (Cross-Border Privacy Rules) certification and the PRP (Privacy Recognition for Processors) certification, including system setup, document preparation, and liaison with auditing bodies. Responsible for the application and maintenance of the company's Singapore DPTM (Data Protection Trust Mark) certification (SS714:2025).
- Manage the annual reviews, ongoing compliance monitoring, and renewal processes for the above certifications to ensure the company consistently maintains a valid certification status.
- Liaise with IMDA, the Singapore Accreditation Council (SAC), and designated certification bodies (e.g., GICG) to handle certification-related communications, document submissions, and audit processes.
- Provide regulatory compliance advice for the company's data centre operations in Singapore, ensuring that data processing activities comply with both Singapore's PDPA and cross-border data transfer requirements of ASEAN member states.
- Regularly conduct Data Protection Impact Assessments (DPIA/TIA/DTIA) and perform cross-border transfer impact assessments in accordance with the regulatory requirements of each country.
- Coordinate with external legal counsel, audit firms, and certification bodies to align certification audits and compliance review work.
Requirements:
- Full-time bachelor's degree or above, preferably in Computer Science, Information Security, Data Protection Law / Cyber Law, Information Technology, or related fields.
- Able to use both Chinese and English as working languages; proficiency in Southeast Asian languages (Malay, Thai, Vietnamese) is a plus.
- 5+ years of relevant work experience in data protection, privacy compliance, or information security.
- Experience with APEC CBPR or PRP certification projects is preferred, including familiarity with the full application process and key requirements.
- Experience in data compliance management within the automotive industry, IoT industry, or large multinational corporations is preferred.
- Experience in implementing ISO 27001 information security management systems is preferred.
- Strong communication skills, with the ability to collaborate effectively with technical R&D, legal, product, operations, and other departments to integrate compliance requirements into product development processes.
- Excellent documentation skills, with the ability to independently draft and review data protection policies, privacy notices, data processing agreements, compliance reports, and other related documents.