About the Company
Our client is a wholly owned subsidiary of BSE Ltd. ("BSE") and is involved in carrying out the functions of clearing, settlement, collateral management, and risk management for various segments of BSE.
About the Role
The Data Protection Officer (DPO) oversees the Client's data protection and privacy framework in alignment with the Digital Personal Data Protection Act (DPDP Act), SEBI regulations, and financial market infrastructure requirements. The role ensures robust governance of personal data across operations, technology, members, employees, and third parties, acting as the central point of contact for regulators, Data Principals, and internal stakeholders.
Responsibilities
Data Protection Governance
- Develop and maintain data protection policies, standards, and data lifecycle controls.
- Drive privacy-by-design integration, data classification, and employee awareness programs.
Regulatory Compliance (DPDP Act & SEBI)
Ensure compliance with DPDP Act, SEBI / RBI norms, and internal policies.Maintain records of processing, consent management, data retention schedules, and conduct DPIAs and periodic audits.Incident & Breach Management
Lead response for data breaches and unauthorized access incidents.Conduct root-cause analysis and ensure timely regulatory reporting and remediation.Advisory & Stakeholder Alignment
Provide guidance to Technology, Operations, Legal, HR, Risk, and Business units on privacy implications for new processes and systems.Coordinate with CISO and CRO on security and risk management controls.Third-Party & Vendor Data Risk
Assess vendor data practices and ensure compliance with privacy / security clauses.Monitor third-party data access, transfers, and storage controls.Monitoring & Reporting
Maintain documentation, dashboards, and compliance reports for Senior Management and Board Committees.Track KPIs / KRIs on data protection, consent, breaches, and compliance adherence.Qualifications
Educational QualificationBachelor’s / Master’s in Law, IT, Computer Science, Cybersecurity, or related field.Preferred certifications : CIPP / E, CIPM, CDPSE, ISO 27001 LA / LI.Required Skills
Strong knowledge of DPDP Act, SEBI regulations, data governance, and privacy frameworks.Analytical decision-making, high integrity, and ability to manage confidential information.Cross-functional collaboration, regulatory communication, and stakeholder influence skills.Preferred Skills
9–13 years’ experience with 3–5 years in Data Protection, Privacy, Risk, Compliance, or Information Security.Experience in regulated financial / market infrastructure institutions desirable.