Data Privacy Deputy Manager

Roles and responsibilities:

• Create and implement privacy frameworks aligned with global regulations such as GDPR, DPDPA, CCPA/CPRA, ADHICS, PDPA (Singapore, Malaysia, Philippines), etc.

• Develop and maintain detailed Risk Control Matrices (RCMs) for multi-jurisdictional privacy compliance, mapping each regulatory requirement to control objectives, testing procedures, and evidences.

• Conduct comprehensive Privacy Gap Assessments for clients across sectors (BFSI, EdTech, BPO, Hospitality, Manufacturing, etc.), covering governance, policies, data flow, retention, vendor management, and rights management.

• Perform Data Protection Impact Assessments (DPIA), Legitimate Interest Assessments (LIA), and RoPA (Record of Processing Activities) preparation.

• Review client artefacts, policies, and procedures against regulatory requirements; identify gaps; and recommend practical, risk-based remediation actions with design and implementation guidance.

• Lead or support walkthrough sessions with business functions (HR, IT, Legal, Procurement, IS, Finance, etc.) to evaluate data privacy controls, capture responses, and validate findings.

• Develop privacy governance frameworks, including charters, accountability matrices, DPO office structures, and reporting mechanisms.

• Draft and update privacy documentation including policies, notices, consent mechanisms, SOPs, and privacy clauses in contracts and vendor agreements.

• Conduct technical and process-based assessments of applications, cloud systems, and vendors to evaluate compliance with privacy and security standards.

• Prepare internal and client-facing reports, including IA-style audit reports with detailed observations, root cause analysis, impact assessment, and step-by-step recommendations.

• Design and deliver training and awareness sessions for management and employees on privacy obligations, incident management, and best practices.

• Support incident response and breach management by advising on notification requirements, root cause remediation, and documentation. • Develop data classification frameworks, create data flow diagrams, and support implementation of tools for data discovery and leakage prevention.

• Support integration of privacy controls into enterprise risk, internal audit, and compliance frameworks, including COSO mapping and maturity scoring.

• Collaborate with clients DPOs and compliance teams to monitor regulatory updates and assess operational impact on existing privacy programs.