Senior Manager, Data Protection and Governance

STATEMENT OF PURPOSE

You will be part of the Group Digital Health team, supporting Data Protection and Governance functions for NHG cluster.

MAJOR DUTIES AND RESPONSIBILITIES

Reviewing and updating the data protection policy and framework in NHG, taking into account various standards for data governance in healthcare context (e.g. Personal Data Protection Act (PDPA), MOH's HealthTech Instruction Manuals (HIM)).

Collaborating with NHG institutions on the implementation of the data protection policy and framework as well as data incident reporting procedures.

Establish and communicate the NHG's data protection objectives and direction effectively to all NHG's units and functions.

• Promote a positive data protection and privacy culture within NHG through proper training and awareness programme.
• Work with NHG's units and functions to proactively implement the appropriate data protection and data security policies and procedures.
• Act as the data protection advisor to NHG's units and functions, and promote data protection risk awareness and accountability amongst Management and Staff in the units and functions.

Assisting the Data Protection Officer (DPO) Committee in reviewing, evaluating and making recommendations on all matters related to data protection.

• Preparing reports for Data Protection Officer Committee and Senior Management team.
• Participate in relevant data protection and governance subcommittees or discussions.
• Liaising with data protection leads in risk monitoring and reporting.
• Report regularly to the senior management on data breach incidents to address data protection risks by minimising the effects of threats and implementing action plans to mitigate risks to an acceptable level.

Managing the data protection training program.

• To oversee the development and maintenance of an up-to-date data protection training program for employees of NHG.
• To work with NHG's units and functions to ensure that all employees are provided with relevant and timely training in data protection.
• To ensure the content of the training program remains current and relevant.

Reviewing and analysing data protection risk registers and risk statistics.

• To review the internal controls in data handling areas and develop appropriate risk mitigation plans to mitigate the risks (e.g. via the use of Privacy Enhancing Technology (PETs)).
• To facilitate the preparation and update the risk registers (and relevant risk reports containing risk indicators) which identify and assess the key data breach risks facing NHG's units and functions

Performing compliance checks on data protection and data security in accordance with PDPA and MOH's HIM policy requirements

OTHER DUTIES AND RESPONSIBILITIES

Any other administrative duties and responsibilities that may be assigned from time-to-time in the areas of Data Protection and Governance matters.

JOB REQUIREMENTS

(A) EDUCATION, TRAINING AND EXPERIENCE

• A good degree in any discipline
• At least 3 years experience in data protection and audit/ compliance role with a robust understanding of the core elements of PDPA
• Those with a recognised Privacy qualification such as CIPP/E, CIPM or Security /Audit qualification such as CISA, CISSP, CIA will be an added advantage
• High proficiency in using Microsoft Word, Excel, PowerPoint and comfortable with various IT tools
• Experience in working in challenging business environment with proven capabilities in organizing, summarizing and presenting complex information

(B) PROFESSIONAL LICENCE

• Not required

(C) PERSONAL ATTRIBUTES

• Strong analytical and critical thinking skills
• Strong attention to detail with the ability to produce high quality report and presentations
• Good communication (oral, written) and influencing skills with the ability to liaise with senior stakeholders
• Enjoys multi-tasking and working on multiple projects across different functions
• A strong team player with positive attitude. Highly driven, autonomous and resilient
• Enjoy working in a dynamic and multi-cultural team and business environment