Legal Counsel (Data Protection Officer)

About the Role

We are looking for a Data Protection Legal Specialist / Counsel based in Singapore to support global privacy, data protection, cybersecurity, and data governance matters. The role requires someone who can independently assess regulatory requirements, provide practical legal advice, and work effectively with business and technical teams to implement compliance solutions. 

Key Responsibilities

• Advise on privacy, data protection, cybersecurity, and data governance matters across global markets.

• Interpret and apply key data protection laws and privacy frameworks, including GDPR, UK GDPR, CCPA/CPRA, Singapore PDPA, and other applicable regulations.

• Support cross-border data transfer compliance, including SCCs, TIAs, consent mechanisms, data localization analysis, and intra-group data transfer arrangements.

• Conduct privacy reviews for products, features, marketing campaigns, analytics tools, AI/data initiatives, vendors, and data-sharing activities.

• Draft, review, and negotiate data protection terms in commercial agreements, including DPAs, privacy clauses, vendor agreements, SCCs, and customer contracts.

• Support DPIAs, PIAs, data mapping, records of processing activities, legitimate interest assessments, and vendor privacy reviews.

• Track regulatory developments and translate legal requirements into practical business guidance, policies, and workflows.

• Support data incident and breach response, including legal assessment, notification analysis, and stakeholder coordination.

• Develop and maintain privacy policies, notices, consent language, internal SOPs, and training materials.

Requirements

• Degree in Law or a related discipline.

• At least 3–5 years of experience in data protection, privacy, cybersecurity, technology compliance, or related legal/compliance work.

• Experience gained in a multinational company, leading technology company, internet platform, fintech, SaaS/cloud company, or reputable law firm is preferred.

• Strong working knowledge of data protection laws and privacy frameworks across major jurisdictions.

• Familiarity with GDPR, UK GDPR, CCPA/CPRA, Singapore PDPA, and other applicable data protection laws.

• Ability to independently assess legal and compliance risks and provide practical, business-oriented advice.

• Experience with cross-border data transfers, privacy impact assessments, vendor assessments, and privacy contract reviews.

• Strong drafting, negotiation, project management, and stakeholder management skills.

• Excellent written and spoken English.

• Ability to work with legal, regulatory, and business materials across multiple jurisdictions.