• Mobilink Microfinance Bank Limited seeks a visionary and technically proficient Data Protection Officer (DPO) to lead the bank's enterprise-wide data protection and privacy program. Reporting directly to the Head of Information Security, the DPO will be responsible for establishing the governance, architecture, and operational execution of the Bank's privacy and data protection obligations.
    • This leadership role will oversee the implementation of a formal Data Protection and Governance Program, manage the lifecycle of sensitive and regulated data, deploy advanced Data Loss Prevention (DLP) systems, and ensure full compliance with relevant State Bank of Pakistan (SBP) regulations, Pakistan's Personal Data Protection Act (when enacted), and applicable international standards, including ISO/IEC 27001 and PCI DSS.
    • The DPO will serve as the Bank's authority on privacy, act as a secondary liaison to regulators and law enforcement via the Compliance function, and serve as the internal champion for all privacy-by-design and data accountability initiatives.
    • 1. Strategic Privacy Program Design & Leadership
    • Develop, own, and drive the enterprise privacy and data protection strategy in alignment with SBP's regulatory expectations and international best practices.
    • Establish and operationalize a centralized Data Protection Office, defining its charter, structure, roles, and reporting lines.
    • Define a bank-wide data protection operating model, integrating privacy requirements into enterprise risk management and governance frameworks.
    • Champion data ethics, responsible data handling, and privacy-by-default principles across the organization.
    • 2. Regulatory Compliance & Privacy Risk Management
    • Ensure continuous compliance with:
    • o SBP's Framework on IT Governance and Risk Management,
    • o SBP's Cybersecurity Framework,
    • o Pakistan's Personal Data Protection Bill,
    • o ISO/IEC 27001, PCI DSS, and GDPR (where applicable).
    • Act as the bank's focal point or designated secondary liaison with SBP and other relevant regulatory bodies through the Compliance and Legal departments.
    • Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, products, and processes.
    • Monitor changes in local and global data privacy regulations and proactively adjust compliance strategies.
    • 3. Data Governance & Inventorization
    • Lead implementation of data classification, tagging, and ownership models across data types and systems.
    • Oversee and maintain accurate and up-to-date Records of Processing Activities (RoPAs) in line with SBP and global privacy standards.
    • Ensure policies for data minimization, retention, disposal, and lifecycle management are in place and enforced.
    • 4. Technology & Data Loss Prevention (DLP) Oversight
    • Collaborate with IT, SOC, and Information Security teams to ensure privacy-by-design and privacy-by-default in systems architecture.
    • Oversee the deployment, configuration, and monitoring of DLP solutions across all critical data touchpoints: endpoints, email, file storage, and networks.
    • Ensure technical controls are aligned with SBP's cybersecurity baseline controls.
    • 5. Vendor, Third-Party & Contractual Privacy Assurance
    • Evaluate third-party vendors, partners, and outsourcing arrangements for privacy and data protection risks.
    • Ensure Data Processing Agreements (DPAs), SLAs, and contractual clauses reflect regulatory and internal privacy requirements.
    • Conduct vendor risk assessments and ensure privacy obligations are embedded in procurement and onboarding processes.
    • 6. Privacy Incident Management & Breach Handling
    • Develop, maintain, and test the Privacy Incident Response Plan in alignment with SBP's incident handling guidelines.
    • Maintain a personal data breach register and ensure timely notification to SBP and affected stakeholders in case of qualifying breaches.
    • Work with SOC, IT, and Legal to coordinate breach response and containment.
    • 7. Awareness, Training & Culture Building
    • Develop and roll out privacy awareness programs, including mandatory and role-specific training modules for staff.
    • Promote a culture of privacy through KPIs, employee engagement campaigns, and executive support.
    • Regularly assess training effectiveness and incorporate feedback from business units.
    • 8. Reporting & Stakeholder Communication
    • Provide periodic updates to senior management and the Board of Directors on the maturity and effectiveness of the data protection program.
    • Contribute to internal audits and regulatory examinations, ensuring evidence of compliance is maintained and auditable.
    • Generate dashboards and metrics on privacy risks, incident trends, and regulatory compliance status.
    • Education:
    • - Bachelor's or Master's degree in Information Security, Law, Cybersecurity, Risk Management, or related field.
    • Certifications (Preferred):
    • - CDPO, CIPM, CIPP/E, CISA, CISSP, CRISC, ISO/IEC 27001 Lead Implementer, PCI DSS knowledge.
  • Job Details

    Total Positions:
    1 Post
    Job Type:
    Job Location:
    Gender:
    No Preference
    Apply Before:
    Jun 05, 2025
    Posting Date:
    May 27, 2025

    Mobilink Bank

    · 1001-1500 employees - Islamabad

    Mobilink Bank is providing banking services to over 42 million registered users including 16+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 100 branches and 200,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan installments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.
