Senior Manager, Data Protection

Job Description

We are looking for a Data Protection Senior Manager to oversee StarHubs compliance with the Personal Data Protection Act (PDPA) and other applicable data protection laws across the markets in which the Group operates. This role will be part of our Legal Team.

Key responsibilities include advising on StarHubs compliance with local and regional data protection laws, monitoring adherence to applicable standards, updating and enforcing internal policies, maintaining an inventory of personal data across the Group, and delivering data protection training to staff to increase awareness of data protection compliance.

As StarHub expands regionally, this role will also provide oversight, guidance and coordination of data protection compliance across the Group, ensuring alignment with Group policies while taking into account local regulatory requirements.

To be successful in this role, the candidate must have an in-depth knowledge of the PDPA in Singapore and Malaysia, and familiarity with regional data protection laws and international frameworks. Familiarity with our industry is not a must, but the ability to perform audits on our current procedures is essential. The candidate will also be expected to work closely with the IS and cybersecurity teams for regulatory compliance.

Responsibilities:

Maintain and continuously enhance the Groups Data Protection Management Programme
Drive compliance with recognised frameworks (e.g. Data Protection Trustmark) and support audits, certifications and regulatory assessments
Oversee and operationalise data protection risk management, including:
- Identify and evaluate data processing activities
- Implement appropriate technical and organisational controls
- Maintain data inventories and records of processing activities
Establish, implement and maintain Data Protection Impact Assessment (DPIA) and risk assessment frameworks across the Group, including for new products, systems and high-risk processing (e.g. AI, analytics and cross-border transfers)
Act as central advisory function on data protection matters, providing practical and risk-based guidance across the Group
Develop and drive organisation-wide data protection awareness and training programmes (in-person and self-guided formats) to strengthen a culture of privacy and accountability
Monitor regulatory developments from relevant authorities (e.g. PDPC, IMDA and regional/global regimes), proactively assess business impact and spearhead necessary changes
Serve as the primary point of contact for:
- Data subject requests
- Do Not Call compliance
- Regulatory engagement and inquiries
Lead and manage data breach and incident response processes, including:
- Investigation, risk assessment and containment
- Notification obligations and regulatory liaison
- Post-incident reviews and remediation
Conduct and manage both internal and external audits, compliance reviews and monitoring activities to ensure adherence to data protection obligations and internal policies
Support vendor and third-party risk management by:
- Reviewing and advising on data protection clauses
- Assessing vendors data protection posture
- Ensuring appropriate safeguards for cross-border data transfers
Partner with cybersecurity, legal and risk functions to align data protection with cybersecurity, enterprise risk management and governance frameworks

Represent StarHub in regulatory and industry engagements, including:
- Working with PDPC, IMDA and other authorities
- Participating in industry consultations and shaping regulatory outcomes
- Building relationships with regulators and industry peers

Qualifications

Bachelors degree in any discipline
Professional data protection certifications such as CIPP, CIPM or equivalent
Minimum 5 to 8 years of working experience, with at least 3 years in data protection, privacy governance or related roles, and with experience in managing large volumes of personal data
Strong working knowledge of PDPA and practical experience in its implementation familiarity with regional or international data protection regimes is an advantage
Experience in areas such as DPIAs, incident management, vendor risk management or regulatory engagement preferred
Familiarity with privacy management platforms (e.g. OneTrust) is a plus
Excellent stakeholder management, communication and influencing skills across both business and technical teams
Strong analytical skills with attention to detail, and the ability to translate regulatory requirements into practical business solutions
Self-driven, organised and able to operate effectively in a fast-paced and evolving regulatory environment