About Thunes
Thunes is the Smart Superhighway for money movement around the world. Thunes' proprietary Direct Global Network allows Members to make payments in real-time in over 130 countries and more than 80 currencies. Thunes' Network connects directly to over 7 billion mobile wallets and bank accounts worldwide, via more than 350 different payment methods, such as GCash, M-Pesa, Airtel, MTN, Orange, JazzCash, Easypaisa, AliPay, WeChat Pay and many more.
Members of Thunes' Direct Global Network include gig economy giants like Uber and Deliveroo, super-apps like Grab and WeChat, MTOs, fintechs, PSPs and banks. Thunes' Direct Global Network differentiates itself through its worldwide reach, in-house Smart Treasury Management Platform and Fortress Compliance Infrastructure, ensuring Members of the Network receive unrivalled speed, control, visibility, protection and cost efficiencies when making real-time payments globally.
Headquartered in Singapore, Thunes has offices in 12 locations, including Barcelona, Beijing, Dubai, London, Manila, Nairobi, Paris, Riyadh, San Francisco, Sao Paulo and Shanghai. For more information, visit: https://www.thunes.com/
Context of the role
As the Data Protection Officer (DPO) you will be responsible for ensuring our company complies with all relevant data privacy laws and requirements where it operates. The DPO will create, enhance and oversee the company's data protection frameworks and controls, monitor compliance, and act as a point of contact for regulatory authorities and data subjects.
You will play a critical role in building trust with our clients, partners and employees by ensuring their personal data is protected and that the company meets all legal and regulatory requirements in respect of data privacy and governance.
Key Responsibilities
- Data Protection Compliance
- Lead and manage the company's data protection strategy and frameworks, as well as developing, implementing, and maintaining adequate technical and operational measures to ensure compliance with all applicable privacy laws (including GDPR (both UK and EU), US Federal and State (including CCPA/CPRA), PDPA (Singapore), PDPO (Hong Kong) and other regional regulations where the group operates).
- Develop, implement and embed policies and procedures related to data protection, data retention, and data security.
- Maintain the group's data transfer and intra-group data sharing agreements and processes, including EU-US and UK extension data privacy frameworks.
- Assist in the negotiation of data processing agreements with the group's customers and maintenance of related templates.
- Ensure that personal data processing activities are conducted in a manner that ensures the confidentiality, integrity, and availability of data.
- Develop systems and processes, and manage timely responses, in respect of data subject access requests.
- Risk Management and Audits
- Conduct Data Protection Impact Assessments (DPIA) and Data Transfer Impact Assessments in respect of the group's operations and for new products, services, and processes.
- Regularly audit data protection practices and provide recommendations for risk mitigation.
- Work with the group's CISO in respect of embedding data protection and cyber security processes and controls.
- Work with internal stakeholders to ensure that third-party vendors adhere to data protection standards.
- Report to the Thunes Risk Committee on a regular basis to ensure management oversight and control.
- Assist with regulatory reporting and filings as necessary.
- Training and Awareness
- Develop and deliver training programs to staff on data protection compliance and best practices.
- Maintain and train the wider legal team in respect of data privacy matters and documentation.
- Promote a culture of data privacy and privacy by design within the organisation.
- Data Breach Response
- Oversee and manage the response to data breaches, including communication with regulatory authorities (in conjunction with the General Counsel and Head of Compliance) and data subjects where necessary.
- Establish protocols for data breach investigation, remediation, and reporting.
- Liaison with Authorities
- Be registered as and act as the primary point of contact with data protection authorities and regulatory bodies.
- Records of Processing Activities (RoPA)
- Maintain and regularly update records of all data processing activities (RoPA) within the group.
Professional Skills and Qualifications
- Educational Background
- Bachelor's degree in Law, Information Security, or related field.
- Professional certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or equivalent are highly desirable.
- Experience
- At least 7 years of experience in data protection and privacy law, preferably within a FinTech, financial services or payments company.
- Familiarity with implementing data privacy frameworks and regulations, including GDPR, CCPA, and others.
- Experience in conducting and negotiating DPAs, DTIAs, DPIAs, audits, and data breach management.
- Knowledge and Skills
- Deep understanding of data protection laws, regulatory frameworks, and industry best practices.
- Ability to balance regulatory requirements with commercial needs.
- Strong problem-solving skills with the ability to assess risks and provide practical solutions.
- Excellent communication skills, both written and verbal, with the ability to explain complex data privacy concepts to non-specialists.
- Strong organisational skills and attention to detail.
Sound like you? Apply now!