GLOBAL EXPERIENCE
​
Founder & Executive Leader, Noris Ismail Consulting, Strategy & Policy Ltd
Founded Noris Ismail Consulting, Strategy & Policy (NICSP); an agile advisory and pragmatic data protection, privacy, governance risk consulting firm that embraces diversity, equity and inclusion. Open to collaborate with other firms and data driven organisations, aimed to deliver quality consulting projects. Open to contribute as remunerated Advisor; Non Executive Director (NED) in mid-market organisations that are investing heavily and tactically in Artificial Intelligence, Machine Learning and Quantum Computing or organisations that require check and balance relating to global data governance and risk linked to strategy, scenarios and futures planning, target operating model, implementation and improvement. Open to teamwork in trendy subject matter remunerated research and training that might pose potential risk to data protection, data governance, cybersecurity and ESG (carbon management).
Open to exploring role as an interim Chief Privacy Officer (CPO), Data Protection Officer (DPO), Data Governance Lead, AI Ethics Lead/Advisor and Data Compliance Lead/Advisor, and/or as an extended team of any global data privacy, data governance, cybersecurity, AI consulting projects (either via recruiters' clients, Big4, non-Big4, law firms and boutique risk & consulting, and managed services firms) inside/outside IR35. Daily fixed rate (competitive based on an organisation's budget range, requirements and expectations). Open to giving back to the world via 40 hours of yearly pro-bono mentoring and coaching (subject to conflict of interest clearance). Let's team up together globally!
​
Managing Director, Breakwater Solutions
September 2021-February 2023
Leadership and accountability: Part of global consulting leadership team based in London, with 20+ years of in-house technology counsel and global consulting experience. Leading and growing Global Data Privacy Consulting Team; U.K GDPR, GDPR, CCPA/CPRA, PIPL, DSL and emerging data privacy legislative frameworks in China, Hong Kong and Macau Special Administrative Regions, India, MENA, ASEAN (Malaysia, Singapore, the Philippines, Indonesia) & APAC (Japan, South Korea) Implementation/Improvement Lead in proposals, thought leadership and clients' delivery/engagement.
Technical scope, skillsets and experience: Data Classification (Data lifecycle management), Data Protection Impact Assessment, Legitimate Interest Assessment, Cookies audit/assurance, Privacy by Design/re-Design, Records of Processing Activities, Data Subject Access Request, Third Party Vendor risks, Mergers & Acquisitions data, security and governance risk due diligence, global data transfer, data localisation/sovereignty, data breach triage, workflow & process, global data privacy & governance technology implementation, re-alignment, re-calibration, simplification and improvement. Sectors: data driven & non data-driven sectors.
Global inclusive & humanised leadership: Shaping thought leadership contents triggered by data-driven sectors' feedback, pain points and outlook - emerging data trends, technologies, digital risks, governance and controls, AI, Blockchain and Machine Learning (via roundtables, webinars, podcasts, panels, workshops, seminars, panel sessions - in person, hybrid and online). Key stakeholders: Founders/Owners/Investors, Board of Directors, C-suite, Senior Leadership, CPO, DPO, CISO, CIO, CDO, CRO, CMO, Information Commissioner's Office, Data Protection Authorities, IAPP, global/regional & local law firms, GRC, Security and Privacy technology vendors, insurance and brokers firms, risk consulting firms, and partners/contractors.
​
Managing Director, Ankura
January 2019-June 2021
Led U.K, EMEA and APAC Data Privacy & Governance Consulting Practice. Championed Diversity, Inclusion & Belonging in Ankura (represented EMEA & APAC in VOICE Council). VOICE stands for: Valuing Opportunities for Inclusion, Community & Equality. Mentored and coached future Data & Technology Leaders. Led relationship management with key clients, law firms, technology vendors and alliance by way of collaborative GTM and Business Development activities.
​
Asia Advisory Board (Pro-Bono & Non-Profit Governance role)
IAPP - International Association of Privacy Professionals
Mar 2016 – Jan 2019
Nominated and appointed as one of the IAPP Inaugural Asia Advisory Board members. The role was Pro-Bono and did not have any direct or indirect interest/relationship with Ernst & Young.
The Asia Advisory Board is comprised of a group of privacy professionals actively contributing to the rapid development of the privacy profession in Asia. The board’s responsibilities include, but are not limited to, programming for IAPP Asia conferences and virtual programming events, contributing to the Asia Pacific Dashboard Digest for our Publications department and further development of a training module for use in Asia. The board collaborates via email and occasional conference calls and by networking with peers to promote, support and field inquires about IAPP Asia programs.
​
Senior Manager, Data Protection and Privacy (GDPR Lead for EY UK) EY
Dates EmployedJun 2015 – Jan 2019
Assessing risks, using recognised sources of threat intelligence and business impact assessments; and assessing management of privacy ranging from: people, physical, process and to technology aspects.
Advising on and, where required, managing the transformation and improvement of privacy and security programme in a client organisation; Advising on and implementing performance management and assurance frameworks for privacy and security; Planning and delivery of privacy and security engagements.
Writing client reports; Reviewing quality assurance of client deliverables; Engaging assurance and commercial risk management; and Managing and mentoring junior engagement team members.
​
Board Member/Scientific Director (Pro-Bono & Non-Profit role)
European Privacy Association (EPA)
Dec 2015 – Mar 2017
Brussels Area, Belgium
Disclaimer and disclosure: The appointment did not represent or replace my present role in EY and aimed to be 'Pro-Bono' and 'Non-Profit' oriented. I did not have any shares and substantial transaction interests in EPA.
EPA is a pan-European think-tank leader in the contemporary global debate on privacy, personal data protection and information security. EPA has evolved over time to now offer forward-looking studies which enhance data protection and data security while ensuring the sustainability, grow and innovation which are vital to the new and current businesses.
EPA think-thank brings together experts from the fields of data protection law, Information Technology and security.
​​
​
Executive Director/Head of Data Protection Academy Advisory Board
Jun 2013 – Jun 2015
Kuala Lumpur, Malaysia
Co-founded the first Data Protection Academy (DPA) in Malaysia and Southeast Asia on 18th June 2013 with Eddie Law of e-Lawyer.
Conducted local, regional and global data protection and privacy trainings in Malaysia, Singapore, London and Brussels. Clocked more than 180 hours of data privacy training (since 2010).
Delegates attended:
Leading Multi-national companies
Leading global, regional and local legal firms
Governmental agencies
Academics
Researchers
Advocacy Groups
Consumer-based organisations
​
Co-Founder / Managing Consultant
Jun 2011 – Jun 2015
London and Kuala Lumpur-Singapore
Selected data privacy works:
- Advised a leading global legal firm (based in London) on strategic data privacy issues in its Cloud Computing platforms in ASEAN for its underlying client (the world’s specialist in mobile broadband)
- Consulted the Malaysian Data Protection Commissioner pertaining to the impacts of the Proposed European Data Protection Regulation to the Malaysian Personal Data Protection Act (PDPA) 2010 (Act 709)
- Advised a leading global firm (based in London) on PDPA’s registration, code of practices, subject access request formalities and data transfer issues from the EEA to ASEAN for its underlying client (a leading global conglomerate)
- Consulted a leading Business Coaching London-based firm on practical data privacy matters in talent movement and mobility (within the context of mergers and acquisitions)
- Consulted a dynamic German-based technology company in relation to data privacy culture in Malaysia, ASEAN and APAC
- Consulted a leading global London legal firm (on behalf of its client) on data privacy and other sector specific regulatory issues affected their client's Software As A Service's global roll out platform in Malaysia and Indonesia
- Reviewed and recommended the best practices in data security, retention, deletion and transfer for dynamic and award winning MSC-status companies
- Joint-audited several start-ups's information governance system and recommended BYOD, Social Media, privacy and information security policies
- Reviewed Data User Registration Form 15.1 for a leading global Metadata business provider, having its business and operations entities in the Multimedia Super Corridor Designated Centre based in Penang
- Led and coordinated with a global bank based in London to assisting its Malaysian entity’s data protection readiness and compliance roll out plan via relationship management with the Malaysian Data Protection Commissioner.
- % Breakdown of consulting works: 60% (Business) 20% (Government) 20% (Others)
​
​
HeiTech Padu Berhad​​​:
General Counsel / Company Secretary
Sep 2009 – Sep 2011
Subang Jaya, Selangor Darul Ehsan, Malaysia
As the General Counsel/Company Secretary, reported to the Executive Chairman and the Board of Directors. Overall: Strategised and managed the legal affairs, local, regional and global sector specific legislation data protection strategy & governance, local, regional and global regulatory compliance, intellectual property, risk management and corporate governance of HeiTech Padu Berhad (HeiTech) and its group of companies.
Key Performance Indicators:
- Drafted & reviewed basic to complex global corporate agreements - Joint Venture, Shareholders, Master Outsourcing, Managed Services, Employment, Business Partnership, Reseller, Exclusive Reseller, Intellectual Property Rights & Licensing, Business Loan, Consultancy, Distributorship, and other third parties Agreements;
- Negotiated and resolved legal disputes on behalf of HeiTech (mostly by way of Alternative Dispute Resolution - out of court settlements);
- Enforced intellectual property rights of HeiTech;
- Minimised regulatory risks under the Communications and Multimedia Act (which HeiTech holds as the licensee - Network and Application Service Provider Licenses);
- Coordinated with appointed panel lawyers and investment bankers in relation to various corporate exercises (amongst others, Sale and Leaseback of HeiTech Village, Employee Stock Option Scheme and global, regional and local acquisitions);
- Acted as the Joint-Company Secretary of HeiTech Group to ensuring its corporate governance compliance under the Bursa Securities Berhad Stock Exchange Rules and other applicable legislation;
- Worked tactically and strategically with the Internal Audit, Risk Management, Human Capital, Group Finance on issues relating to regulatory compliance (including but not limited to HeiTech Group - Associate and Investment Companies); and
- Worked holistically with the Corporate Communications team and the Annual Report Working Committee in relation to Annual Report exercise.​
​
Group General Counsel / Company Secretary
Sep 2007 – Sep 2009
Subang Jaya, Selangor Darul Ehsan, Malaysia
Reported to the Senior Vice President, Corporate Services. Overall: Leading, managing and executing all legal affairs ranging from data protection, regulatory compliance, risk management, corporate governance, intellectual property and to mergers and acquisitions.
Achieved Key Performance Indicators:
- HeiTech Intellectual Property rights enforced (Trade Mark and other aspects of HeiTech's copyright and know how notified through paper advertisement and other branding platforms - Annual Report, Intranet and Agreements);
- Zero reprimand by the Bursa Malaysia Securities Berhad;
- Minimum regulatory audits by the Malaysian Communications and Multimedia Commission;
- Resolved most legal disputes by way of Alternative Dispute Resolution - achieved zero litigation either as a Plaintiff, Defendant or a second Plaintiff or Defendant;
- Restructured the Group Legal and Corporate Secretarial via dynamic engagement throughout HeiTech Group business operations/units;
- Kicked-off and managed the General Counsel Quarterly Roadshow and sharing of best practices with other industries (Oil & Gas & Telecommunications);
- Conducted comprehensive due diligence exercise prior and post merger & acquisition of HeiTech Subsidiary Companies in Colombo, Sri Lanka, Jakarta, Indonesia and the Middle East;
- Mitigated legal risks in complex Request For Proposals, Tenders and Contract negotiations with leading local, regional and global companies. Demography outreach: Australia, United Kingdom, United States of America, Germany, China, Indonesia, Singapore, United Arab Emirates and Thailand;
- Assisted the Industrial Relation (IR) Tribunal on matters pertaining to IR laws - by way of expert opinion, independent review an invited legal expert to the IR Tribunal;
- Warned domain name hijackers to stop soliciting the prospective domain name registration of HeiTech;
- Resolved various shareholders' disputes pertaining to intra company business loan.
​
Head, Compliance & Regulatory Affairs
Sep 2005 – Sep 2007
Subang Jaya
Managed and led the compliance and regulatory affairs of HeiTech Padu Berhad (HeiTech) and its group of companies. Worked very closely with the Risk Management, Internal Audit & Assurance, Legal, Group Finance, Human Resource and Administration and Senior Managers of the Group to ensuring compliance with related legislation affecting HeiTech business operations and investments.
​
Compliance Executive
Jun 2002 – Aug 2005
Subang Jaya
Appointed as the first Compliance Executive of HeiTech Padu Berhad (HeiTech) after its 2nd year of listing on the Bursa Malaysia Stock Exchange. Managed the intellectual property (Trade mark, Copyright and Know-How matters), Bursa Malaysia Listing Requirements and other sector specific legislation affected HeiTech's business operations.
Exposed with multifaceted levels of operational exposure throughout HeiTech - ranging from the Account Managers, Project Managers, Managers and to the Senior Management. Presented Compliance Updates to the Management (through quarterly reporting and selected periodic updates).
​​
​
IP/IT Legal Assistant - Michael Chai & Co
Oct 2001 – May 2002
Kuala Lumpur, Malaysia
Assisted the Partners of the firm on contentious and non-contentious Trade Marks, Patents and Copyright matters. 60% of the works involved Intellectual Property Rights works and 40% involved corporate, litigation and and conveyancing works.
Pupil in Chambers - Khaw & Partners
Jun 2000 – May 2001
Kuala Lumpur, Malaysia
Underwent 9 months pupillage under a Senior Partner of the firm. Exposed with variety of corporate, conveyancing, intellectual property (trade mark & copyright) and litigation matters.
​
​
​
​
​
​
​
​