Information Risk & Data Privacy Management

Prudential's purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

responsible to act as "first line of defense" providing assurance and oversight on information and privacy risks that might pose a threat to the business.

govern and manage information risk and data privacy area in Prudential Life Assurance Indonesia, including:
1. act as focal point in providing business with assurance that processes, tools and technologies are operating effectively to mitigate risk to information.

2. First line of review in security authorization for request from functions for exemptions to standard access and use of tools and technologies.

3. Coordinate and submit timely regular reporting to PCA Information Risk:

- Sensitive Information Transfer Register
- Incident Reporting

4. Coordinate to ensure PLAI compliant according to local and global governance assurance

5. Coordinate and support completion of PCA led Functional and Risk review as set out in annual timetable.

6. Carrying out awareness and training program both PLAI program and PCA direction awareness campaign to increase the maturity of PLAI in managing information risk.

7. Support the implementation of PCA Information Risk policies and guidance. To role as focal point in supporting functions as required to manage risks to information appropriately:

- To ensure projects to take account of risk to information
- Advice and guidance on information risk issues

8. Carrying out third party information risk review to ensure PLAI interest over information risk are properly managed and controlled. Conduct local initiative awareness. Comply to regulatory, data privacy and others which related.