Data Protection & Privacy Officer

Key Roles & Responsibilities

Design and implement data privacy frameworks, data governance, data risk and control framework, policies, and procedures across business units.

Lead privacy-by-design and security-by-design initiatives in collaboration with engineering and IT teams. Conduct system audits, penetration testing, and vulnerability assessments.

Oversee handling of data subject rights requests, and privacy grievance redressal mechanisms. Co-ordinate privacy incident management and response across the organization, including public communication, reporting to affected data subjects, Data Protection and Cyber Security regulators and other authorities.

Ensure compliance with DPDP Act, GDPR, ISO 27001, and other applicable standards.

Serve as the point of contact for grievance redressal and regulatory authorities in relation to data privacy.

Develop and roll out privacy and security training programs across the organization. Promote a culture of data protection and compliance.

Track data-related issues, ownership, reporting requirements and resolution timelines. Provide strategic updates to senior management and maintain metrics for deliverables, adoption and compliance.

Collaborate with various cross functional teams including legal, compliance, technology, information security, customer service to ensure alignment and accountability.

Manage and implement security protocols to ensure data integrity and protection. Advising the senior management on evolving regulations, security threats and adapting strategies accordingly.

Mentor the data protection team, fostering collaboration with cross-functional teams and guide various businesses to ensure compliance with data protection / data privacy requirements.

Oversee vendor contracts and ensure third-party compliance with data protection obligations.

Lead annual Data Protection Impact Assessments (DPIA) and audits as mandated for Significant Data Fiduciaries.

Preferred Certification :

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional (CIPP / E, CIPP / US)