Data Protection Officer - Head Office (Assistant Manager Grade)

Job Description

DATA PROTECTION OFFICER (Assistant Manager Grade)

Location - Head Office

As a Data Protection Officer, you will lead the implementation of data governance and ensure compliance with PDPA and GDPR. You will develop policies, oversee DPIAs, manage data breaches, and promote data privacy awareness across the organization to ensure ethical and lawful data practices. You will report directly to the Chief Executive Officer (CEO) and be part of a dynamic team of professionals in the Non-Banking Financial Services sector. This role offers a valuable opportunity to build a mutually rewarding career within the organization.

The ideal candidates should possess the following profile:

The Job Role

  • Lead the implementation of data governance frameworks in alignment with the Sri Lankan Personal Data Protection Act (PDPA) and international standards such as GDPR.
  • Act as the primary advisor to the data controller or processor regarding data protection obligations and ensure alignment with regulatory requirements from CBSL and other authorities.
  • Develop, review, and maintain comprehensive data protection policies, procedures, and frameworks.
  • Conduct and oversee Data Protection Impact Assessments (DPIAs) and promote privacy-by-design principles across systems and projects.
  • Monitor compliance with data protection laws, internal policies, legal obligations, and industry best practices.
  • Serve as the main point of contact for supervisory authorities and liaise with legal teams on data laws in business transactions.
  • Lead incident response planning and breach notification processes, ensuring timely reporting and mitigation.
  • Handle and respond to data subject rights requests in line with regulatory timelines.
  • Collaborate with cross-functional teams (IT, legal, compliance, analytics) to integrate data protection controls into organizational processes.
  • Drive awareness and provide training on data privacy responsibilities to staff across all levels.
  • Evaluate risks related to data processing, identify non-compliance, and recommend mitigation strategies.
  • Ensure ethical data use, anonymization in analytics, and governance controls that promote accountability and transparency.

Experience / Qualifications / Skills

  • Minimum of 4 years of experience in data protection, legal compliance, information security, or related domains within the banking, finance, or insurance sectors.
  • In-depth knowledge of the PDPA of Sri Lanka, GDPR, and other international data protection frameworks.
  • Proven ability to collaborate with internal stakeholders (IT, Legal, Compliance) to enforce data protection standards.
  • Bachelor's degree in Law, IT, Finance, Accountancy, or a related field from a recognized university. A Master's qualification will be an added advantage.
  • Strong analytical thinking, legal interpretation, documentation, and conceptual communication skills.
  • Demonstrated leadership and strategic thinking in managing data privacy programs and driving compliance initiatives.

Candidates are invited to send their detailed CVs to [email protected] or by post, including the contact details of two non-related referees, to reach us within 14 days of this advertisement. Please mention the post applied for on the top left corner of the envelope or in the subject line of the e-mail.

Head of Human Resources & Administration,
Fintrex Finance PLC,
No.851, Dr. Danister De Silva Mawatha,
(Baseline Road), Colombo 14.