Legal Manager

BGC, Taguig, Philippines
Full Time
Manager/Supervisor

Job Title: Legal Manager
Location: BGC, Taguig
Employment Type: Full-Time

About Us

PalmPay is a fast-growing fintech company dedicated to transforming digital financial services through innovative payment and consumer finance solutions. Our mission is to make financial services more accessible, secure, and rewarding for everyone.

As we continue to expand in the Philippines, we are driving growth through mobile installment solutions in partnership with leading device brands such as Tecno, Infinix, and Itel—empowering consumers with flexible and affordable financing options.

Role Overview:

III. Key Responsibilities
(A) Legal Responsibilities (excluding general compliance management)
1. Full Lifecycle Contract Management
  • Draft, review, revise, and negotiate various commercial contracts and legal documents, including but not limited to:
    • Partnership agreements with mobile phone retailers / distributors / brand owners
    • Agreements with payment service providers, e-wallets, banks, and other financial institutions
    • Data access agreements with data service providers and credit bureaus (e.g., CIC)
    • Service agreements with collection agencies and outsourced service providers
    • User loan agreements, installment service agreements, etc.
  • Establish and maintain a contract template library; optimize contract approval processes to protect the company’s interests and control legal risks.
2. Legal Advisory & Business Support
  • Provide day‑to‑day legal advice to product, operations, marketing, risk, collection, and other departments, including legal risk assessment for new product/feature launches.
  • Interpret and advise on the impact of Philippine consumer credit laws (e.g., Financing Company Act, Lending Company Regulation Act, Consumer Protection Act, etc.) on business operations.
  • Assist business teams in designing legally compliant business models (design and implementation of compliance systems are handled by the compliance team).
3. Dispute Resolution & Litigation Management
  • Manage all legal disputes, litigation, and arbitration cases involving the company, including but not limited to:
    • Overdue repayment disputes with borrowers (legal support for small claim recovery)
    • Contract disputes with merchants, suppliers, and partners
    • Liability disputes with third parties (e.g., collection agencies)
  • Coordinate with external counsel to develop litigation strategies, track case progress, and control legal costs.
  • Handle cease‑and‑desist letters, court documents, and regulatory inquiries (to the extent legal opinions are required; compliance team leads regulatory interface).
4. Legal Risk Identification & Prevention
  • Periodically review business processes, marketing materials, user interface copy, etc., to identify potential legal risks (e.g., false advertising, unfair terms, infringement risks) and recommend corrective actions.
  • Track the latest Philippine laws, regulations, and case law related to consumer finance, e‑commerce, contracts, torts, etc., and issue legal risk alerts to management and relevant departments.
5. Intellectual Property Management
  • Manage trademark registration, maintenance, and enforcement; handle potential trademark or copyright disputes.
  • Review IP‑related agreements (e.g., software licenses, co‑branding agreements).
6. External Counsel Management
  • Select and supervise external law firms to ensure efficient, high‑quality, and cost‑effective services for litigation, due diligence, and special legal projects.
7. Internal Legal Training
  • Provide regular legal training to business, operations, collection, and other departments on topics such as contract execution, consumer protection red lines, and legal boundaries of collection practices.
(B) Data Protection Officer (DPO) Responsibilities
In accordance with the Philippine Data Privacy Act (RA 10173) and the rules and issuances of the National Privacy Commission (NPC), the DPO shall perform the following statutory duties:

1. Data Privacy Compliance Oversight
  • Monitor the company’s compliance with the Data Privacy Act, its IRR, and relevant NPC circulars (e.g., NPC Circular 20‑01).
  • Develop, maintain, and update the company’s data privacy manual, privacy policies, and standard operating procedures for data processing.
  • Ensure that the collection, processing, storage, transfer, and deletion of personal information (especially sensitive personal information of borrowers) always follow the principles of lawfulness, legitimacy, necessity, and purpose limitation.
2. Record of Processing Activities & Compliance Review
  • Maintain the company’s Record of Processing Activities (ROPA); periodically review the compliance of various data processing activities.
  • Conduct Privacy Impact Assessments (PIA) or compliance reviews for business systems and mobile app permissions (especially sensitive permissions such as contacts and location) that involve personal information.
3. Data Subject Rights Response
  • Establish and manage a mechanism for receiving and handling Data Subject Requests (DSRs), including rights of access, rectification, erasure (right to be forgotten), objection, and data portability.
  • Ensure that the company effectively responds to data subject requests within the legally prescribed period (generally a reasonable time but not exceeding 30 days after verification).
4. Data Breach Management
  • Establish and maintain a data breach response and reporting mechanism.
  • In the event of a data breach, lead the internal investigation, assess the risk, and report material breaches to the NPC within 72 hours, notifying affected data subjects when required.
5. Privacy Impact Assessment (PIA) & Third‑Party Management
  • Initiate Privacy Impact Assessments for new data processing activities, systems, or business processes.
  • Review Data Processing Agreements (DPAs) with third parties (e.g., collection agencies, cloud service providers, data analytics vendors) to ensure they have adequate data security capabilities and assume appropriate responsibilities.
6. Employee Training & Privacy Awareness
  • Organize regular data privacy training for employees to ensure that all personnel handling personal information understand their legal obligations and the company’s privacy policies.
7. Liaison with Regulatory Authorities
  • Serve as the company’s primary point of contact with the National Privacy Commission (NPC), handling regulatory inquiries, compliance inspections, annual reporting (if required), etc.
  • Represent the company before the NPC in case of data‑related disputes or complaints.
8. Privacy Audits & Continuous Improvement
  • Conduct periodic internal privacy compliance audits, identify gaps, and drive remediation.
  • Track the latest NPC guidelines, enforcement actions, and legislative developments; report to management in a timely manner and propose compliance improvement recommendations.
Note: The DPO responsibilities are mandated by law. While performing the DPO functions, this role may coordinate with other departments (e.g., IT security, operations, product) to accomplish tasks, but ultimate oversight for data privacy compliance rests with this position.

IV. Qualifications
Basic Requirements
  • Education: Bachelor of Laws (LL.B.) or Juris Doctor (J.D.) degree.
  • Bar Admission: Must be a duly admitted member of the Integrated Bar of the Philippines (IBP) with a valid lawyer’s license.
  • Experience: At least 5 years of legal practice, including at least 3 years as in‑house legal counsel for a financial institution, consumer credit company, financing company, fintech company, or a reputable law firm. Hands‑on experience in data privacy (e.g., handling DPO functions, data breach response, PIAs) is strongly preferred.
  • Language: Fluent in English (written and spoken) and Filipino/Tagalog, capable of drafting legal documents and communicating with regulators (including NPC) in both languages.

Professional Competencies
  • Legal skills: Strong contract drafting and negotiation skills under Philippine contract law; familiarity with consumer credit regulations; practical experience in civil/commercial litigation or dispute resolution.
  • Data privacy skills: In‑depth understanding of the Data Privacy Act (RA 10173) and NPC regulations; ability to independently perform statutory DPO duties.
  • Problem‑solving: Ability to independently analyze complex legal and data privacy issues and provide clear, actionable, business‑oriented advice.
  • Collaboration: Strong cross‑functional communication skills to work effectively with business, technical, and security teams.