Data Privacy And Internal Audit Manager- Ortigas

Job Summary:

The Data Privacy and Internal Audit Manager plays a dual role. As Data Protection Officer (DPO), they will be responsible for ensuring the organization’s compliance with the Data Privacy Act of 2012 and related international data protection standards (e.g., GDPR, PCI-DSS). As Internal Audit Team Manager, they will lead a team of at least 8 internal auditors responsible for conducting audits aligned with ISO standards, operational risk assessments, and compliance reviews. This role reports to the Head of Compliance or the Country Leadership Team and works independently in their DPO capacity.

Key Responsibilities:Auidit

As Data Protection Officer (Independent Contributor):

• Serve as the official DPO registered with the National Privacy Commission (NPC).

• Develop, implement, and monitor the company’s data privacy and protection strategies and ensure compliance with the Data Privacy Act and relevant standards (e.g., ISO 27001, PCI DSS).

• Conduct privacy impact assessments (PIA) for new and existing systems/processes.

• Act as the point of contact for all data subject concerns and regulatory inquiries.

• Lead data breach response initiatives, including investigation, notification, and remediation.

• Train and educate employees on data privacy principles and internal protocols.

• Maintain an updated Data Privacy Manual, Retention Policy, and Privacy Notices.

• Coordinate with global data protection counterparts (if applicable).

As Internal Audit Team Manager:

• Lead, coach, and develop a team of at least 8 internal auditors to deliver regular internal audits across all departments (Ops, HR, Finance, IT, etc.).

• Ensure the audit program complies with ISO 9001, ISO 27001, PCI DSS, and internal risk management protocols.

• Prepare, schedule, and oversee risk-based audits, special reviews, and investigations.

• Analyze audit findings, recommend improvements, and monitor implementation.

• Collaborate with department heads to align business practices with audit recommendations.

• Report audit findings to senior management and/or the Board (as applicable).

Qualifications:

• Bachelor’s Degree

• Certified Data Protection Officer or have equivalent experience/training (certification is a plus but is not required)

• At least 5 years of experience in internal audit, risk management, or compliance, with 2+ years in a leadership role

• Strong knowledge of the Data Privacy Act of 2012, GDPR, ISO standards, and PCI DSS requirements

• Demonstrated experience in audit planning, execution, and reporting.

• Strong communication, stakeholder management, and team leadership skills.

• Experience in a BPO or highly regulated environment is preferred

Job Type: Full-time

Pay: Php100,000.00 - Php120,000.00 per month