Legal Regulatory

Carousell Group is one of the world's largest and fastest growing classifieds marketplace platforms across Southeast Asia, Taiwan and Hong Kong.

Started in August 2012, Carousell Group began in Singapore and now has a leading presence in eight markets under the brands Carousell, Mudah, Chot Tot and OneKyat, serving tens of millions of monthly active users. Carousell Group is backed by Telenor Group, Rakuten Ventures, Naver and Sequoia Capital.

The Legal team is responsible for all legal and compliance aspects of Carousell's operations across all countries where Carousell has a local presence including Malaysia, Hong Kong, Taiwan, Indonesia, Philippines, Singapore, Myanmar and Vietnam. This role will be a headquarters role covering all markets.

Do you want your work to impact product features and services used by millions? Are you highly motivated, creative and passionate about law and technology? If so, then Carousell's legal team is looking for you

This role will report to the Legal Director.

**You Will**:

- Work with the business units, information and security, legal and compliance and Trust & Safety teams to scope and perform periodic data privacy risk assessments, mitigation and remediation, including data control design and monitoring, as well as the mitigation of privacy and security risks.
- Manage, monitor and scale the group's existing data protection management plan, including privacy operations and documentation; employee training; policy enforcement, monitoring and auditing; and incident response. Ensure the program's ongoing, consistent and efficient operation
- Support the group's cybersecurity management plan
- Respond to privacy and security-related customer and regulatory inquiries and investigations, and draft regulatory filings, coordinating such responses with global positions
- Draft external privacy notices and disclosures, and manage/update internal policies and procedures to ensure compliance with global laws bearing on privacy and cybersecurity
- Support government relations outreach to legislators and regulatory agencies
- Support the Company's efforts to reduce regulatory obstacles to the Company's ability to develop and support our core and emerging products and capabilities and maintain our ongoing freedom to operate
- Remain up-to-date on relevant consumer protection, privacy and data security laws and regulations, as well as on technological developments, threat vectors, and evolving industry standards to ensure an ongoing ability to provide sound compliance advice

**You have**:

- At least 4 years PQE, with relevant experience in top-tier law firms and/or in-house legal departments, including at least 4 years of experience as regional (preferably APAC) regulatory counsel in corporate, government or law firm environment, with experience in legislative and regulatory engagement
- Experience providing pragmatic and actionable advice on various legal risks and obligations under privacy and data security laws in APAC privacy and data security laws. Experience with the Europe (including Privacy Shield and GDPR) and data security laws a plus
- Developed and implemented cyber security and personal data management plans
- Advised on and managed internal policies and procedures on data use, security, and privacy
- Fluency translating legal advice into actionable guidance for innovative product, engineering, and business teams.
- Experience driving, prioritizing, and effectively managing cross-functional initiatives, and an ability to both work independently and with large multi-stakeholder teams
- Sharp analytical and communication skills, are diligent, proactive, collaborative, and have demonstrated excellent legal and business judgment and strategic thinking
- Experience advising on cyber security, privacy and data security in commercial transactions a plus
- Sound and practical business judgment, intellectual creativity, strong ethical compass, and problem-solving skills
- The ability to demonstrate initiative and practice good judgment when advising on, and building, a practical compliance framework, across different markets
- Experience in fast-evolving and dynamic industries like e-commerce, with legal experience in regulatory, TMT, IP, data privacy, M&A, and consumer protection related issues
- Able to work independently and in a team, with initiative to seek guidance as necessary
- Willingness and enthusiasm to learn and grow with the business
- A particular interest and broad knowledge of e-commerce, consumer technology, convenience and shipping
- Our users at heart