Assistant Vice President

About the Company

Our client is a wholly owned subsidiary of BSE Ltd. ("BSE") and is involved in carrying out the functions of clearing, settlement, collateral management, and risk management for various segments of BSE.

About the Role

The Data Protection Officer (DPO) oversees the Client's data protection and privacy framework in alignment with the Digital Personal Data Protection Act (DPDP Act), SEBI regulations, and financial market infrastructure requirements. The role ensures robust governance of personal data across operations, technology, members, employees, and third parties, acting as the central point of contact for regulators, Data Principals, and internal stakeholders.

Responsibilities

Data Protection Governance

• Develop and maintain data protection policies, standards, and data lifecycle controls.
• Drive privacy-by-design integration, data classification, and employee awareness programs.

Regulatory Compliance (DPDP Act & SEBI)

• Ensure compliance with DPDP Act, SEBI/RBI norms, and internal policies.
• Maintain records of processing, consent management, data retention schedules, and conduct DPIAs and periodic audits.

Incident & Breach Management

• Lead response for data breaches and unauthorized access incidents.
• Conduct root-cause analysis and ensure timely regulatory reporting and remediation.

Advisory & Stakeholder Alignment

• Provide guidance to Technology, Operations, Legal, HR, Risk, and Business units on privacy implications for new processes and systems.
• Coordinate with CISO and CRO on security and risk management controls.

Third-Party & Vendor Data Risk

• Assess vendor data practices and ensure compliance with privacy/security clauses.
• Monitor third-party data access, transfers, and storage controls.

Monitoring & Reporting

• Maintain documentation, dashboards, and compliance reports for Senior Management and Board Committees.
• Track KPIs/KRIs on data protection, consent, breaches, and compliance adherence.

Qualifications

• Educational Qualification

• Bachelor’s/Master’s in Law, IT, Computer Science, Cybersecurity, or related field.
• Preferred certifications: CIPP/E, CIPM, CDPSE, ISO 27001 LA/LI.

Required Skills

• Strong knowledge of DPDP Act, SEBI regulations, data governance, and privacy frameworks.
• Analytical decision-making, high integrity, and ability to manage confidential information.
• Cross-functional collaboration, regulatory communication, and stakeholder influence skills.

Preferred Skills

• 9–13 years’ experience with 3–5 years in Data Protection, Privacy, Risk, Compliance, or Information Security.
• Experience in regulated financial/market infrastructure institutions desirable.