Legal Counsel - Suntory PepsiCo

A. Data Privacy Program Build-Up & Operations (Primary Focus)

- Privacy Program Governance: Develop and maintain privacy frameworks and policies and automation platform; embed privacy-by-design into new systems and processes; oversee consent governance and data subject rights handling.

- Regulatory Compliance: Monitor and interpret evolving privacy regulations; ensure timely regulatory reporting and manage data breach response protocols. Risk Assessment & Continuous Improvement.

- Conduct privacy gap assessments and compliance health checks: recommend and implement corrective actions; maintain records of processing and oversee data classification and retention practices.

- Data Subject Rights & Consent Management: Create centralized systems for handling data subject requests; ensure SLA compliance and audit traceability; design and maintain consent collection and management procedures.

- Training & Awareness: Support to develop and deliver role-based privacy training programs; lead awareness campaigns; promote a privacy-first culture through internal communication and CEC updates.

- Cross-Functional Collaboration: Work with IT, People & Culture, Marketing, and Operations to embed privacy controls into business processes; support vendor due diligence and contractual safeguards for data handling.

- Technical & Operational Controls: Implement and maintain privacy platform (OneTrust) and controls, including Record of Processing, data classification, retention protocols, Data Loss Prevention (DLP), and access rights review programs.

B. Compliance & Business Ethics Support (Secondary Scope)

- Support the implementation and execution of SPVB’s Compliance & Business Ethics programs, helping reduce regulatory and reputational risks.

- Speak Up Program: Assist in governance and administration of the Speak Up framework, including case intake tracking and investigation coordination.

- Control Environment Committee (CEC) support: Support preparation of quarterly compliance reports, thematic updates, and case studies; Internal communications to reinforce compliance and integrity awareness; Support CEC in cascading compliance priorities and updates to business units.

- Collaborate with relevant functions to close gaps and implement corrective action and enhancement.

(iii) Compliance Healthcheck: Support execution of compliance health checks, data collection, and reporting; track corrective actions.

(iv) Anti-Corruption & Policy Support: Assist in training delivery, risk-based approvals, and third-party due diligence.

(v) Culture of Integrity: Help organize compliance roadshows, training sessions, and internal communication initiatives.

(vi) Special Projects: Provide legal and compliance support for disciplinary cases and emerging priorities

• Bachelor’s degree in Law/ Finance/ Auditing/ Economic or higher
• Minimum 5 years’ experience in one or more of the following: Law firm, Big4 advisory (privacy, technology, or regulatory practice). In-house legal/compliance function (preferably FMCG or MNC). Audit, internal control, or risk management with data privacy exposure.
• Strong understanding of Data Privacy regulations and principles, including consent, data subject rights, breach notification, and cross-border data handling and hands-on or working-level exposure to privacy program implementation is preferred.
• Professional privacy certification is an advantage.
• Strong communication and stakeholder-management skills.
• Proficient English for communication and writing.
• Competent computer skill – Excel, Power Point.