Join the Service Revolution
A career at DFCC Bank promises opportunities for development, a variety of benefits and a culture that values professionalism, teamwork, openness, diversity, respect for individual values and recognition.
ASSISTANT MANAGER/ MANAGER – DATA PROTECTION & PRIVACY ISS DEPARTMENT
You should ideally;
- possess minimum 5 years of experience in data protection, legal compliance, information security, or data governance
- possess a Bachelor’s degree in Law, Information Security, Data Governance, or Information Technology; a Master’s degree in a related field is highly preferred
- possess relevant certifications in Data Protection (e.g., CIPP/E, CIPM), Information Technology, or GRC; these are advantageous
- be familiar with the PDPA Act No. 19 of 2022 and international data protection frameworks (e.g., GDPR); this is essential
- possess knowledge of ISO 27001, ISO 20000, ISO 22301 (will be an added advantage).
You will be mainly responsible for;
- establishing a comprehensive data protection framework for PDPA and legal compliance, collaborating with CISO to integrate data protection into cybersecurity
- ensuring data practices align with GRC standards and legal requirements across all subsidiaries, and overseeing data privacy risk management
- advising senior management on data privacy, including anonymization and retention policies
- guiding DPIAs and privacy-by-design strategies, and collaborating with legal to apply PDPA requirements in transactions and partnerships
- creating and enforcing organization-wide data protection policies to ensure PDPA and global standards compliance
- regularly updating policies to align with legal and technological changes
- overseeing personal data governance in analytics, ensuring legal compliance and responsible data use for insights, in line with privacy regulations
- establishing processes and a contingency plan to effectively address data subject rights under the PDPA
- assessing and monitoring third-party vendors for data protection compliance, ensuring proper data handling agreements
- coordinating with risk and audit teams for continuous vendor performance monitoring
- collaborating with the CISO to mitigate cyber risks related to data, focusing on encryption, access control and secure storage
- ensuring ethical and secure data use across operations, including marketing and customer analytics
- leading data protection and privacy training for employees, ensuring they understand their roles and responsibilities in maintaining compliance
- monitoring data processing activities, reporting compliance to senior management, and highlighting risks and improvements
- collaborating with auditors to ensure PDPA and international standards compliance, preparing for audits as needed
- serving as the primary contact for the Data Protection Authority of Sri Lanka, ensuring compliance with regulatory requirements
We are an equal opportunity employer, committed to promoting an inclusive and diverse environment. Recruitment to the Bank is based solely on merit and competency irrespective of other characteristics that make our employees unique. Any form of canvassing is discouraged. Correspondence will only be with the short-listed candidates.
Click here to download the DFCC Bank application form and apply now via the below portal by 10 November 2025.
Chief Human Resources Officer
DFCC Bank PLC, 73/5 Galle Road, Colombo 03
website – www.dfcc.lk


