Data Protection Officer

Company Name: Alliance Finance Company PLC (AFCI)
Established: Incorporated in 1956, it is the oldest finance company in Sri Lanka.
Foundation: Built on a solid foundation of trust, stability, and responsibility.
Recognition: Has an unblemished track record for ethical business practices; one of only two companies in South Asia to be certified as a value driven sustainability certified financial institution.
Offerings: Diverse product consisting of Leasing, Gold Loans, Gold Investment, Fixed Deposits, Savings, Climate Smart Agriculture Loans, and many more financial solutions.

Data Protection Officer (Assistant Manager/Manager)

Oversee the company's data governance framework and ensure compliance with PDPA, CBSL, and other regulatory requirements.
Integrate data protection and privacy controls into business operations, systems, and new projects.
Collaborate with Legal, Compliance, IT, and Information Security teams to align policies and practices with regulatory and international standards.
Advise on data protection laws in contracts, vendor agreements, transactions, and risk assessments.
Ensure ethical and secure use of data, including anonymization, pseudononymization, and data minimization practices.
Respond to data subject rights requests (DSRs) and act as the main point of contact for the Data Protection Authority (DPA).
Conduct privacy impact assessments (PIAs) and regular data protection audits to monitor compliance and identify gaps.
Monitor and manage data breaches and security incidents, ensuring timely reporting to regulators and stakeholders.
Maintain records of data processing activities (RoPA) in line with regulatory requirements.
Support cross-border data transfer compliance and assess international data sharing risks.
Lead privacy awareness, training, and capacity-building programs across the organization.
Develop and maintain key data protection metrics and reports for senior management and the Board.

Previous experience in a financial institution would be an added advantage.
Strong understanding of PDPA, CBSL regulations, and broader government compliance frameworks.
Familiarity with international data protection standards (e.g., GDPR, ISO 27701, NIST Privacy Framework, APEC Privacy Principles).
Minimum 3 years' experience in data privacy, compliance, or governance, ideally within financial services.
Bachelor's degree in Law, Finance, Banking, IT, or related technical field.
Certifications such as CIPP/E, CIPM, CIPT, GRC, or ISO 27701 Lead Implementer/Auditor are an advantage.
Strong analytical, communication, and stakeholder management skills, with the ability to influence senior management and embed a culture of privacy and data ethics.

Submission: Send your CV with names and contact details of two non-related references and copies of relevant certificates.
Subject Line: Please mention the post applied for in the subject line of the email.
Email: hr@alliancefinance.lk
Address (for reference): The Group Head of HR, ALLIANCE FINANCE CO. PLC, 84, Hyde Park Corner, Colombo 02.
Phone: 011 2 673 673

MANAGER – SECURITY