Privacy & AI Risk and Rights Senior Analyst

Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!

Key Responsibilities

Data Subject Rights and External Requests

• Review, manage, and fulfill data subject requests (DSRs) under applicable laws (e.g., access, erasure, objection, rectification), including those related to AI-generated outputs or automated decisions.
• Handle inquiries from external stakeholders, such as regulators, partners, or vendors, relating to privacy and AI compliance.
• Draft or contribute to due diligence reports showcasing the company’s data protection practices.
• Maintain request logs and ensure accurate, timely responses aligned with regulatory deadlines.

Risk Assessment and Pre-Launch Governance

• Support completion of Privacy Impact Assessments and AI Risk Assessments, including threshold analysis for systems involving AI or ML.
• Review user-facing privacy and AI-related UI/UX flows for regulatory alignment and transparency.
• Collaborate with product, engineering, and legal teams to identify, document, and mitigate risks during the planning or pre-launch phase of initiatives.

Incident Support and Investigations

• Support the investigation and documentation of privacy and AI-related incidents, including data breaches.
• Participate in root cause analysis and the preparation of reports for internal stakeholders and regulatory bodies
• Monitor implementation of mitigation measures and track incident resolution progress.

Documentation and Reporting

• Maintain structured records of all requests, assessments, and incidents for audit and regulatory purposes.
• Contribute to the development of compliance dashboards and operational reports.

Qualifications and Requirements

Education

• Bachelor’s degree in Criminology, Public Policy, Data Governance, Information Systems, or a related field
• Privacy certifications (e.g., CIPP/E, CIPP/A, CIPM, CIPT, ISO 27701) and AI governance or cybersecurity certifications (e.g., ISO 27001, Responsible AI short courses) are a plus but not required

Experience

• 5–7 years of experience in privacy compliance, data protection operations, risk assessments, or governance-related roles
• Familiarity with global privacy frameworks (e.g., GDPR, Philippine DPA, CCPA) and emerging AI regulatory approaches
• Experience managing DSRs and contributing to risk reviews or privacy assessments

Exposure to handling or supporting incident investigations is preferred

Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!

Key Responsibilities

Data Subject Rights and External Requests

• Review, manage, and fulfill data subject requests (DSRs) under applicable laws (e.g., access, erasure, objection, rectification), including those related to AI-generated outputs or automated decisions.
• Handle inquiries from external stakeholders, such as regulators, partners, or vendors, relating to privacy and AI compliance.
• Draft or contribute to due diligence reports showcasing the company’s data protection practices.
• Maintain request logs and ensure accurate, timely responses aligned with regulatory deadlines.

Risk Assessment and Pre-Launch Governance

• Support completion of Privacy Impact Assessments and AI Risk Assessments, including threshold analysis for systems involving AI or ML.
• Review user-facing privacy and AI-related UI/UX flows for regulatory alignment and transparency.
• Collaborate with product, engineering, and legal teams to identify, document, and mitigate risks during the planning or pre-launch phase of initiatives.

Incident Support and Investigations

• Support the investigation and documentation of privacy and AI-related incidents, including data breaches.
• Participate in root cause analysis and the preparation of reports for internal stakeholders and regulatory bodies
• Monitor implementation of mitigation measures and track incident resolution progress.

Documentation and Reporting

• Maintain structured records of all requests, assessments, and incidents for audit and regulatory purposes.
• Contribute to the development of compliance dashboards and operational reports.

Qualifications and Requirements

Education

• Bachelor’s degree in Criminology, Public Policy, Data Governance, Information Systems, or a related field
• Privacy certifications (e.g., CIPP/E, CIPP/A, CIPM, CIPT, ISO 27701) and AI governance or cybersecurity certifications (e.g., ISO 27001, Responsible AI short courses) are a plus but not required

Experience

• 5–7 years of experience in privacy compliance, data protection operations, risk assessments, or governance-related roles
• Familiarity with global privacy frameworks (e.g., GDPR, Philippine DPA, CCPA) and emerging AI regulatory approaches
• Experience managing DSRs and contributing to risk reviews or privacy assessments

Exposure to handling or supporting incident investigations is preferred