Data Protection & Information Security Analyst at Niajiri Platform LTD
--Powermax General Electrical Merchants Ltd--
Job Description
The Data Protection and Information Security Analyst supports both internal operations and customer-facing engagements in ensuring compliance with the Personal Data Protection Act (PDPA) 2022, maintaining information security controls in line with ISO 27001, and protecting the confidentiality, integrity, and availability of information assets.
The role involves monitoring, assessing, and improving data protection and information security practices across clients and within the organization. The Analyst will also manage incidents and conduct training and awareness initiatives to strengthen overall compliance and security posture.
Job Industry
Job Salary Currency
Job Salary Fixed
NoKey Deliverables
Data protection and privacy compliance
The Data Protection & Information Security Analyst will be responsible for supporting privacy and compliance activities, including:
- Supporting the implementation and maintenance of the organization’s data protection framework.
- Assisting in developing and maintaining the Record of Processing Activities (ROPA).
- Conducting regular Data Protection Impact Assessments (DPIAs) and advising departments on mitigating privacy risks.
- Reviewing data processing agreements and contracts to ensure compliance with PDPA 2022 requirements.
- Assisting in responding to data subject access requests (DSARs) and managing privacy incidents or breaches.
- Monitoring data transfer activities to ensure compliance with cross-border data flow restrictions.
- Supporting the DPO in preparing periodic compliance and audit reports for management and regulators.
Information security operations
- Implementing, monitoring, and continually improving information security controls under the Integrated Management System (IMS) aligned with ISO 9001:2015 and ISO/IEC 27001:2022 standards.
- Conducting risk assessments and supporting the development of mitigation plans.
- Participating in vulnerability assessments and coordinating with relevant teams for remediation.
- Monitoring system logs, alerts, and incidents to detect and respond to security threats.
- Supporting the development and maintenance of the Information Security Management System (ISMS) documentation.
- Coordinating internal and client security awareness and training programmes.
Governance, policy and awareness
The Analyst will support governance and awareness initiatives through the following duties:
- Developing and maintaining policies, procedures, and guidelines on data protection and information security.
- Conducting awareness sessions for employees, customers, and third parties on privacy and cybersecurity best practices.
- Collaborating with IT, Legal, HR, and other departments to embed data protection and security in daily operations.
Incident management and reporting
The role includes responsibilities related to incident response and reporting, such as:
- Participating in incident response activities, including investigation, containment, and reporting.
- Maintaining the incident register and assisting in preparing incident reports for the DPO and management.
- Supporting business continuity and disaster recovery initiatives.
Essential Qualities
| Essential Qualities |
|---|
Preferred certifications The following certifications would be an added advantage, but are not mandatory:
Skills required
|