Data Privacy & Compliance Specialist

Advisory POD 2

• Implement and manage compliance programs for major data privacy regulations, specifically GDPR (General Data Protection Regulation) and DPDPA (Digital Personal Data Protection Act - India).
• Conduct Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs) for new projects, systems, and data processing activities.
• Advise on data subject rights requests (e.g., access, rectification, erasure) and ensure timely and compliant responses.
• Lead or support HITRUST CSF (Health Information Trust Alliance Common Security Framework) assessments and certification efforts, including control assessment, evidence collection, and readiness reviews.
• Develop, review, and refine comprehensive data privacy and information security policies, standards, and procedures to ensure alignment with GDPR, DPDPA, HIPAA, HITRUST, and ISO 27001.
• Provide expert guidance and consultation to various business units on data privacy and security best practices.

Job Specifications:

• Bachelors degree in Engineering or closely related coursework in technology development disciplines
• Certifications Security+, CIPP/E, CIPP/US, CIPM, CCSFP (good to have, but not mandatory)

2. Experience:

• Total Experience (1): 5-8 years
• Total Experience (2): 2-4 years

Knowledge and Experience:

• Dedicated experience in data privacy, information security compliance, GRC, or IT audit roles.
• Demonstrable practical experience with GDPR principles, implementation, and compliance.
• Strong understanding and practical application experience with HIPAA regulations (Privacy, Security, and Breach Notification Rules).
• Experience with HITRUST CSF assessments, implementation, or ongoing management.
• Proven experience with ISO 27001 implementation, maintenance, or audit support.
• Familiarity with or experience with the DPDPA (Digital Personal Data Protection Act - India) is highly desirable, especially for roles based in or dealing with India.
• Good understanding of information security principles and related compliance controls. Ability to articulate the relevance of the security controls
• Experience in delivery of Information Security risk and compliance advisory services
• Experience in management consulting and information security audits
• Comfortable working in a project based / client serving model

Personal Attributes

• Self-starter and quick learner requiring minimal ramp-up
• Excellent written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment