Lead, Compliance & Data Protection

evydtech · Security
📍 Jerudong, Brunei

About this role

JOB TITLE: Lead, Compliance & Data Protection
REPORTING TO: Head, Security 

About the Role

EVYD Technology is a healthcare AI company operating at the center of Brunei’s digital health ecosystem, including national platforms such as BruHealth and Dr Buddy. As our regulatory and security landscape continues to evolve across ISO/IEC 27001, Brunei PDPO, SOC 2 and broader privacy compliance initiatives, we are looking for a Compliance & Data Protection Lead to support and strengthen the organization’s compliance and privacy governance programs.

This role will work closely with security, engineering, product, IT, HR, legal, and business stakeholders to support compliance operations, regulatory readiness, and data protection initiatives across the company. The successful candidate will play an important role in policy governance, audit coordination, privacy compliance, and stakeholder engagement activities related to healthcare technology and sensitive data environments.

Candidates with solid foundations in compliance, governance, audit, privacy, or risk management who may not yet have exposure across all listed frameworks are still encouraged to apply.

This role is based in Brunei Darussalam.

Your key responsibilities include:

1. Compliance Governance & ISO/IEC 27001

  • Support the maintenance and continuous improvement of the company’s compliance and governance frameworks, including the Information Security Management System (ISMS).
  • Coordinate internal audits, management reviews, and external audit activities, including surveillance and certification exercises.
  • Track corrective and preventive actions (CAPA) and support closure of audit findings and compliance gaps.
  • Maintain and update policies, procedures, standards, and governance documentation.
  • Support risk assessment, compliance monitoring, and documentation review activities across business and operational functions.

2. Privacy & Data Protection

  • Support the company’s privacy and data protection initiatives in alignment with Brunei PDPO and other applicable data protection frameworks.
  • Maintain Record of Processing Activities (RoPA), data inventory, and data flow documentation.
  • Coordinate Data Protection Impact Assessments (DPIAs) and privacy reviews for products, systems, operational processes, and vendor engagements where required.
  • Work closely with cross-functional teams to support privacy-by-design, data minimization, and data governance practices.
  • Support regulatory, customer, and stakeholder engagements related to privacy and data protection matters.
  • Assist in reviewing data retention, consent management, and cross-border data handling practices.

3. Compliance Programs & Audit Coordination

  • Coordinate compliance readiness activities related to ISO 27001, SOC 2, and internal governance requirements.
  • Support audit preparation activities, evidence collection and compliance documentation reviews.
  • Assist in tracking compliance obligations, remediation activities, and ongoing governance initiatives.
  • Work with internal stakeholders to support continuous improvement of compliance processes and controls.

4. Third-Party & Customer Compliance

  • Support third-party due diligence, vendor compliance reviews and related governance activities.
  • Assist in reviewing compliance-related contractual requirements and documentation where applicable.
  • Support responses to customer compliance questionnaires, audit requests and data protection inquiries.
  • Maintain customer-facing compliance documentation and standard governance materials where required.

5. Governance, Awareness & Stakeholder Collaboration

  • Support compliance reporting, KPI tracking, and roadmap coordination activities.
  • Coordinate awareness sessions and training initiatives related to compliance, privacy, and data protection.
  • Work closely with internal stakeholders on policy updates, governance improvements and regulatory developments.
  • Stay informed on emerging compliance, privacy, and AI governance developments relevant to healthcare technology environments.

Required Qualifications and Experience:

  • Bachelor’s degree in Information Security, Law, Risk Management, Business, Computer Science, or a related discipline.
  • Approximately 5+ years of experience in compliance, governance, privacy, risk management, IT audit, or related functions.
  • Practical exposure to ISO/IEC 27001, compliance audits, governance frameworks, or risk management programs.
  • Familiarity with privacy and data protection concepts, including PDPO, GDPR, PDPA, or similar frameworks.
  • Experience coordinating with cross-functional stakeholders across business and technical teams.
  • Strong proficiency in English and Malay is required to support local and stakeholder communications and prepare reports, policies, and documentation independently.
  • Organized, detail-oriented, and able to manage multiple priorities effectively.
  • Eligibility to work in Brunei Darussalam.

Preferred Qualifications:

  • Professional certifications such as CIPP/E, CIPM, CISA, CISM, CISSP, ISO 27001 Lead Auditor/Lead Implementer or related certifications.
  • Exposure to healthcare, SaaS, fintech, or other regulated industry environments.
  • Familiarity with SOC 2, vendor governance, or customer compliance processes.
  • Understanding of data governance, privacy operations, or emerging AI governance frameworks is advantageous.
  • Mandarin Chinese is an advantage for collaboration with regional teams.

Frequently Asked Questions

Is the salary disclosed for the Lead, Compliance & Data Protection position at evydtech?
The salary for this Lead, Compliance & Data Protection role at evydtech is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.
Where is the Lead, Compliance & Data Protection position at evydtech located?
This Lead, Compliance & Data Protection role at evydtech is based in Jerudong, Brunei. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.
Which team or department does the Lead, Compliance & Data Protection at evydtech belong to?
This Lead, Compliance & Data Protection position is part of the Security department at evydtech. See the full job description for more information about the team structure and responsibilities.
How do I apply for the Lead, Compliance & Data Protection position at evydtech?
Click the "Apply Now" button on this page. You will be redirected to evydtech's official application portal hosted on Greenhouse, where you can submit your application directly.
When was the Lead, Compliance & Data Protection job at evydtech posted?
This Lead, Compliance & Data Protection position at evydtech was posted on May 24, 2026. Apply as soon as possible — early applications are often reviewed first.