Job Description

We are looking for a Data Protection Senior Manager to oversee StarHub’s compliance with the Personal Data Protection Act (“PDPA”) and other applicable data protection laws across the markets in which the Group operates. This role will be part of our Legal Team.

Key responsibilities include advising on StarHub’s compliance with local and regional data protection laws, monitoring adherence to applicable standards, updating and enforcing internal policies, maintaining an inventory of personal data across the Group, and delivering data protection training to staff to increase awareness of data protection compliance.

As StarHub expands regionally, this role will also provide oversight, guidance and coordination of data protection compliance across the Group, ensuring alignment with Group policies while taking into account local regulatory requirements.

To be successful in this role, the candidate must have an in-depth knowledge of the PDPA in Singapore and Malaysia, and familiarity with regional data protection laws and international frameworks. Familiarity with our industry is not a must, but the ability to perform audits on our current procedures is essential. The candidate will also be expected to work closely with the IS and cybersecurity teams for regulatory compliance.

Responsibilities:

•    Maintain and continuously enhance the Group’s Data Protection Management Programme
•    Drive compliance with recognised frameworks (e.g. Data Protection Trustmark) and support audits, certifications and regulatory assessments
•    Oversee and operationalise data protection risk management, including:
    - Identify and evaluate data processing activities
    - Implement appropriate technical and organisational controls
    - Maintain data inventories and records of processing activities
•    Establish, implement and maintain Data Protection Impact Assessment (DPIA) and risk assessment frameworks across the Group, including for new products, systems and high-risk processing (e.g. AI, analytics and cross-border transfers)
•    Act as central advisory function on data protection matters, providing practical and risk-based guidance across the Group
•    Develop and drive organisation-wide data protection awareness and training programmes (in-person and self-guided formats) to strengthen a culture of privacy and accountability
•    Monitor regulatory developments from relevant authorities (e.g. PDPC, IMDA and regional/global regimes), proactively assess business impact and spearhead necessary changes
•    Serve as the primary point of contact for:
    - Data subject requests
    - Do Not Call compliance
    - Regulatory engagement and inquiries
•    Lead and manage data breach and incident response processes, including:
    - Investigation, risk assessment and containment
    - Notification obligations and regulatory liaison
    - Post-incident reviews and remediation
•    Conduct and manage both internal and external audits, compliance reviews and monitoring activities to ensure adherence to data protection obligations and internal policies
•    Support vendor and third-party risk management by:
    - Reviewing and advising on data protection clauses
    - Assessing vendors’ data protection posture
    - Ensuring appropriate safeguards for cross-border data transfers
•    Partner with cybersecurity, legal and risk functions to align data protection with cybersecurity, enterprise risk management and governance frameworks

•    Represent StarHub in regulatory and industry engagements, including:
    - Working with PDPC, IMDA and other authorities
    - Participating in industry consultations and shaping regulatory outcomes
    - Building relationships with regulators and industry peers

Qualifications

•    Bachelor’s degree in any discipline
•    Professional data protection certifications such as CIPP, CIPM or equivalent
•    Minimum 5 to 8 years of working experience, with at least 3 years in data protection, privacy governance or related roles, and with experience in managing large volumes of personal data
•    Strong working knowledge of PDPA and practical experience in its implementation; familiarity with regional or international data protection regimes is an advantage
•    Experience in areas such as DPIAs, incident management, vendor risk management or regulatory engagement preferred
•    Familiarity with privacy management platforms (e.g. OneTrust) is a plus
•    Excellent stakeholder management, communication and influencing skills across both business and technical teams
•    Strong analytical skills with attention to detail, and the ability to translate regulatory requirements into practical business solutions
•    Self-driven, organised and able to operate effectively in a fast-paced and evolving regulatory environment