Some careers have more impact than others.
If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
Global Risk is a thriving and expert risk management function supporting HSBC globally with all aspects of risk management.
The team actively manages a varied and dynamic range of risk types, including security, fraud, information security, contingency, geopolitical, operational, credit, pension, insurance, market and reputation risks.
All parts of the Global Risk team use their skills, insight and integrity to handle established threats and those they see emerging, acting to protect and enable HSBC to deliver sustainable growth.
We are currently seeking a high calibre professional to join our team as a Data Protection Manager.
Data Privacy Officers (DPOs) are responsible for ensuring HSBC meets its obligations under data protection and privacy laws within their particular jurisdiction.
They provide expert advice, guidance and direction and support the necessary standards and controls to enable the Bank, including its employees and relevant third parties, to manage privacy risks and comply with obligations under data protection laws in relation to the processing of personal data.
To establish a culture of privacy within HSBC, the DPO will need to work collaboratively with key senior stakeholders across the business and will be accountable for keeping executives appraised of privacy risks and issues.
The role holder is one of the designated DPOs within jurisdiction Hong Kong and Macao and is responsible for carrying out the following tasks :
Informing and advising the business and its employees of their data privacy and protection compliance obligations
Providing expert guidance, oversight and challenge on all aspects of data protection and privacy risk strategy and compliance focusing efforts on areas that present higher data privacy risks
Monitoring compliance with data privacy provisions and with HSBC Group policies relating to the protection of personal data, including the assignment of responsibilities, staff education and awareness training, and ensuring remediation of any related audit findings;
Reviewing and advising on Data Protection Impact Assessments (DPIAs) and monitoring performance of mitigations, where necessary
Cooperating with the regulatory authority
Acting as the contact point internally and externally with data subjects and the regulatory authority
Advising on, and providing the business with support, to ensure the necessary safeguards and controls are in place to ensure compliance with requirements for international data transfers by identifying all circumstances in which personal data is transferred outside of the relevant jurisdiction
Provide incident management advice and / or support as needed and ensure that data incidents and breaches are responded to and managed effectively with data subjects and that the relevant authorities are informed within necessary timeframes
Knowledge and experience of Data Privacy and Information Governance and preferably some working knowledge of the laws in the jurisdiction in which the role operates in
A relevant data protection or privacy certification such as CIPP (preferred)
Corporate experience and Compliance experience an advantage, but not essential
Knowledge of the HSBC Group corporate structures, its business and personnel and a clear understanding of HSBC’s corporate culture (preferred)
Strong ability to prioritise
Strong communication and inter-personal skills
Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
Experience in communicating, interacting and maintaining good working relationships with supervisory authorities
Strong written and verbal communication skills
Well-developed interpersonal skills; ability to interact effectively with people
Ability to work independently and influence change
Ability to use independent judgement and discretion when making the majority of decisions
Detail-focused approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues