Data Protection Officer, APPRO Venture – SC Ventures  (2200017670)


: Technology

Primary Location

: Africa & Middle East-United Arab Emirates-Dubai


: Full-time

Employee Status

: Permanent

Posting Date

: 05/Jul/2022, 10:07:19 AM

Unposting Date

: Ongoing



APPRO is a new fintech start-up by Standard Chartered Ventures , that aims  to simplify the on-boarding journey of customers in retail banking.

For individuals looking for new products and credit recommendations, APPRO will provide a quick, easy application process and fast results.

This is a rare opportunity to join a fresh tech company backed by an established financial institution. We are looking for nimble, hardworking and outcome-oriented individuals to join us in this exciting journey to rewire the DNA of Retail banking.

The Role Responsibilities


  • The DPO will play an essential role in developing and implementing a strong risk control framework to managing data privacy, data protection and ICS risks.

  • Design, implement, and monitor healthy 1st line controls for technology whilst upholding the integrity of technology and operational risk within risk appetite

  • Provide focal point of managing information and cyber security risk in the venture, including the design of effective controls and the systematic monitoring of risks

  • Provide expert guidance on the interpretation, application and implementation of laws and regulations pertaining to privacy and secrecy.


  • Monitor relevant legislative and regulatory changes and advise on associated impact to the business and operational functions.


  • Develop and implement a robust plan for managing Information security related risks.

  • Review, assess and advise on Privacy Impact Assessments (PIAs), Records of Processing Activities and data incidents.

  • Develop and deliver training where required.

  • Draft mandatory documentation, such as Standards and guidelines, and help maintain a library of mandatory documentation.

  • Draft and maintain additional, non-mandatory documentation such as FAQs, Privacy-related communications including content for the Internal Communications

People and Talent

  • Develop and provide training to colleagues at all levels to ensure data protection principles and good practices are adopted.

  • Collaborate with Businesses and Functions to foster an environment that drives appropriate data privacy and risk control behaviour, including early anticipation, identification, and mitigation of privacy risk, escalating issues in line with the SCV’s Operational Risk Framework.

Risk Management

  • Oversee, monitor and challenge implementation of controls to mitigate risks.

  • Ensure privacy and data protection controls are regularly tested in accordance with the controls testing plan.

  • Lead risk assessments to identify gaps and deficiencies and help determine remedial action to correct or mitigate risk.

  • Provide expert guidance and support on data privacy and information security risk identification and management.

  • Ensure proactive and timely identification, assessment, advice and dissemination of evolving legal and regulatory changes / practices and associated risks on client data privacy issues across the Group.

  • Assist in agreeing the scope of audits and second line / Compliance Monitoring Reviews.

  • Support with firm-wide internal audits as well as audits of third parties.

  • Integrate data privacy and ICS requirements into the third-party vendor framework to ensure data protection and ICS risks are appropriately integrated.


  • Draft committee papers pertaining to data privacy and information security.

  • Establish and maintain strong relationships with key stakeholders at all levels, while independently performing own duties.

  • Work with Businesses and Functions, and colleagues in CFCC, to identify and develop innovative solutions to personal data processing and data privacy related matters.

Our Ideal Candidate

  •   Solid experience in information security and risk management

  •   Experience in governance, risk management, or operational risk

  •   Experience in the three lines of defence risk model

  •   Good knowledge of authentication, authorization, cryptography, certificates management, password management, user lifecycle management, network security, firewalls, encryption: in flight, at rest.

  •   Cloud knowledge and prior experience implementing solutions on public cloud (AWS / GCP)

  •   Practical experience in threat modelling and risk assessment.

  •    Knowledge and experience to proactively identify vulnerabilities.

  •   Ability to understand and overcome the differences in the risk management of an agile bank compared to a traditional bank

  •   A respectful and balanced attitude towards both risk management and business development

  •   Excellent communication and organisational skills

  •   Certifications in the following areas are desirable, though not mandatory: Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP); or other equivalent qualification or other equivalent qualification, Strong knowledge of Java, Coldfusion, API, Webservices

About SC Ventures

SC Ventures, part of Standard Chartered Bank (the “Bank”), is the platform and catalyst for innovation, investments in disruptive financial technology and exploration of alternative business models.

  • Our eXellerator enables us to facilitate innovation and culture change within the Bank and with our ecosystem partners; to change the way the Bank serves clients.

  • Our innovation investment fund enables our investment in validated fintech to develop future tech capabilities; integrating technology and capabilities into the Bank and ventures to drive speed and scale.

  • Our venture building stream explores new business models, with the objective of providing ‘optionality’ for the Group in the way it engages existing and new customers and markets.

Across our workstreams, we are building ecosystems around high conviction themes, the building blocks of financial system of the future; including Digital Banking & Lifestyle platforms; E-commerce, Online economy & Payments; SMEs, World Trade & Supply Chains; Digital Assets & Tokenization; Capability as a service; and Sustainability & Inclusion.

We are a global team of “Members” (excluding individual ventures), including dedicated colleagues from the Group’s support functions, based in Singapore, Hong Kong, Shanghai, Nairobi, London and San Francisco.  To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.


Tagged as:

About Standard Chartered

We offer banking services that help people and companies to succeed, creating wealth and growth across our markets. Our heritage and values are expressed in our brand promise – Here for good.

With more than 86,000 employees and a presence in 60 markets, our network serves customers in close to 150 markets worldwide. We're listed on the London and Hong Kong Stock Exchanges as well as the Bombay and National Stock Exchanges in India.