Head Data Protection

7 days ago


Islamabad, Islamabad, Pakistan Mobilink Bank Full time

Department: Information Security

Reports To: Head ISRM

Job Grade: SVP

Total Positions: 01

Job Location: Head Office, Islamabad

What is Head Data Protection - MMBL?

Mobilink Microfinance Bank Limited seeks a visionary and technically proficient Data Protection Officer (DPO) to lead the bank's enterprise-wide data protection and privacy program. Reporting directly to the Head of Information Security, the DPO will be responsible for establishing the governance, architecture, and operational execution of the Bank's privacy and data protection obligations. This leadership role will oversee the implementation of a formal Data Protection and Governance Program, manage the lifecycle of sensitive and regulated data, deploy advanced Data Loss Prevention (DLP) systems, and ensure full compliance with relevant State Bank of Pakistan (SBP) regulations, Pakistan's Personal Data Protection Act (when enacted), and applicable international standards, including ISO/IEC 27001 and PCI DSS. The DPO will serve as the Bank's authority on privacy, act as a secondary liaison to regulators and law enforcement via the Compliance function, and serve as the internal champion for all privacy-by-design and data accountability initiatives.

What Head Data Protection - MMBL Does?

Strategic Privacy Program Design & Leadership:

  • Develop, own, and drive the enterprise privacy and data protection strategy in alignment with SBP's regulatory expectations and international best practices.
  • Establish and operationalize a centralized Data Protection Office, defining its charter, structure, roles, and reporting lines.
  • Define a bank-wide data protection operating model, integrating privacy requirements into enterprise risk management and governance frameworks.
  • Champion data ethics, responsible data handling, and privacy-by-default principles across the organization.

Regulatory Compliance & Privacy Risk Management:

  • Ensure continuous compliance with SBP's Framework on IT Governance and Risk Management, o SBP's Cybersecurity Framework, o Pakistan's Personal Data Protection Bill, o ISO/IEC 27001, PCI DSS, and GDPR (where applicable).
  • Act as the bank's focal point or designated secondary liaison with SBP and other relevant regulatory bodies through the Compliance and Legal departments.
  • Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, products, and processes.
  • Monitor changes in local and global data privacy regulations and proactively adjust compliance strategies.

Data Governance & Inventorization:

  • Lead implementation of data classification, tagging, and ownership models across data types and systems.
  • Oversee and maintain accurate and up-to-date Records of Processing Activities (RoPAs) in line with SBP and global privacy standards.
  • Ensure policies for data minimization, retention, disposal, and lifecycle management are in place and enforced.

Technology & Data Loss Prevention (DLP) Oversight:

  • Collaborate with IT, SOC, and Information Security teams to ensure privacy-by-design and privacy-by-default in systems architecture.
  • Oversee the deployment, configuration, and monitoring of DLP solutions across all critical data touchpoints—endpoints, email, file storage, and networks.
  • Ensure technical controls are aligned with SBP's cybersecurity baseline controls.

Vendor, Third-Party & Contractual Privacy Assurance:

  • Evaluate third-party vendors, partners, and outsourcing arrangements for privacy and data protection risks.
  • Ensure Data Processing Agreements (DPAs), SLAs, and contractual clauses reflect regulatory and internal privacy requirements.
  • Conduct vendor risk assessments and ensure privacy obligations are embedded in procurement and onboarding processes.

Privacy Incident Management & Breach Handling:

  • Develop, maintain, and test the Privacy Incident Response Plan in alignment with SBP's incident handling guidelines.
  • Maintain a personal data breach register and ensure timely notification to SBP and affected stakeholders in case of qualifying breaches.
  • Work with SOC, IT, and Legal to coordinate breach response and containment.

Awareness, Training & Culture Building:

  • Develop and roll out privacy awareness programs, including mandatory and role-specific training modules for staff.
  • Promote a culture of privacy through KPIs, employee engagement campaigns, and executive support.
  • Regularly assess training effectiveness and incorporate feedback from business units.

Reporting & Stakeholder Communication:

  • Provide periodic updates to senior management and the Board of Directors on the maturity and effectiveness of the data protection program.
  • Contribute to internal audits and regulatory examinations, ensuring evidence of compliance is maintained and auditable.
  • Generate dashboards and metrics on privacy risks, incident trends, and regulatory compliance status.

What are we looking for and what does it require to be Head Data Protection - MMBL?

Educational Background:

  • Bachelor's or Master's degree in Information Security, Law, Cybersecurity, Risk Management, or related field.

Experience:

  • Experience in privacy and security governance.
  • Previous experience in regulatory compliance, risk management, or data protection roles.

Technical Proficiency:

  • Certifications (preferred):
  • CDPO (Certified Data Protection Officer)
  • CIPM (Certified Information Privacy Manager)
  • CIPP/E (Certified Information Privacy Professional/Europe)
  • CISA (Certified Information Systems Auditor)
  • CISSP (Certified Information Systems Security Professional)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO/IEC 27001 Lead Implementer
  • PCI DSS (Payment Card Industry Data Security Standard) knowledge

Soft Skills:

  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management skills.
  • Ability to work independently and in teams.

About MMBL:

Mobilink Microfinance Bank Ltd. is providing banking services to over 48 million registered users including 20+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 114 branches and 270,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan instalments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.

Why Join MMBL?

This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavour.

#J-18808-Ljbffr

  • Islamabad, Islamabad, Pakistan Aetheria Group Full time

    Direct message the job poster from Aetheria GroupInsourcing, Outsourcing & Specialist Recruitment Why This Role MattersFrontline Insourcing, part of Aetheria Group, is one of the UK's trusted NHS clinical insourcing providers, delivering virtual clinics, outpatient services, and patient booking support for hospitals across the UK. Every day, NHS Trusts trust...


  • Islamabad, Islamabad, Pakistan beBeeDataProtection Full time

    Job Title: Data Protection OfficerThis is a career-defining opportunity to lead data protection and compliance efforts for an international organization.We are seeking a highly skilled professional with expertise in UK GDPR, NHS compliance, and IT security. As our Data Protection Officer, you will play a crucial role in ensuring the secure handling of...


  • Islamabad, Islamabad, Pakistan beBeeDataProtection Full time

    Job Title: Chief Information Security OfficerAbout the Job:We are seeking a visionary and technically proficient Data Protection Officer (DPO) to lead our enterprise-wide data protection and privacy program. Reporting directly to the Head of Information Security, the DPO will be responsible for establishing the governance, architecture, and operational...


  • Islamabad, Islamabad, Pakistan JAPAN ELECTRONICS Full time

    Head of Public Relations (PR) – Government AffairsGet AI-powered advice on this job and more exclusive features.Direct message the job poster from JAPAN ELECTRONICSRecruitment Specialist | Head Hunting | Talent Acquisition | HR Enthusiast | INTJ-T | MBA '23 | Web Content Specialist | Open to Remote Projects |…We're Hiring: Head of Public Relations (PR)...

  • Head IT Operations

    3 weeks ago


    Islamabad, Islamabad, Pakistan Mobilink Bank Full time

    Department: Information TechnologyReports To: Chief Information OfficerPosition Title: Head IT OperationsJob Grade: SVPTotal Positions: 01Job Location: Head Office, IslamabadWhat is Head IT Operations - MMBL?The role involves developing and managing IT strategies to ensure system stability, efficiency, and data security, while aligning with organizational...

  • Head of Production

    7 days ago


    Islamabad, Islamabad, Pakistan Filmabad Full time

    Direct message the job poster from FilmabadCreative Direction, Operations, Strategy.Job Description – Head of Production & Programs (Filmabad)Location: Islamabad-based role and travel to other cities for Filmabad Bootcamps, MEHFILM, and special events.Commitment: Minimum 30 hours/weekCompensation: Competitive stipend, with growth potential as Filmabad...


  • Islamabad, Islamabad, Pakistan beBeeWildlife Full time

    Senior Wildlife Conservation OfficerWe are seeking a highly skilled and experienced Senior Wildlife Conservation Officer to join our team.Job DescriptionThe successful candidate will be responsible for overseeing the implementation of wildlife conservation projects, conducting surveys and assessments, and developing strategies to protect and preserve...

  • Data Scientist

    3 weeks ago


    Islamabad, Islamabad, Pakistan North Eastern Services Full time

    About FusemachinesFusemachines is a 10+ year old AI company, dedicated to delivering state-of-the-art AI products and solutions to a diverse range of industries. Founded by Sameer Maskey, Ph.D., an Adjunct Associate Professor at Columbia University, our company is on a steadfast mission to democratize AI and harness the power of global AI talent from...

  • Head of Sales

    3 days ago


    Islamabad, Islamabad, Pakistan Nera Telecommunications Ltd Full time

    The Head of Sales is responsible for leading the sales function to drive revenue growth, expand market share, and ensure long-term business success. This role requires strategic planning, strong leadership, performance management, and close collaboration across departments including marketing, product development, operations, and customer...

  • Data Analyst

    7 days ago


    Islamabad, Islamabad, Pakistan S&P Global Full time

    About the Role:Grade Level (for internal use):07The Team:The current opening is with S&P's Transactions division that publishes Mergers & Acquisitions and Capital Market data. We collect and validates data using search tools, press releases, company websites, stock exchange websites and regulatory filings with a view to provide in-depth, accurate and timely...