Data Protection Officer

We want to shape the future with vision and innovation. Be part of it and develop your full potential!

As part of the global NTT DATA Group, one of the most successful IT service providers in the world, we specialize in value-added SAP solutions as NTT DATA Business Solutions. With over 12,000 employees in more than 30 countries, we design, implement, and develop custom-fit SAP solutions for our global customers.

Would you like to take the next step in your career and be part of our highly qualified team?

Are you ready to break new ground?

Job Title: Data Protection Officer (DPO)

Experience:

Job Location:

Role Overview:

The Manager Data Protection & Privacy supports the organizations Data Protection Officer (DPO) function and is responsible for building, operating, and monitoring the privacy compliance framework under the Digital Personal Data Protection Act (DPDP Act) 2023 and global client requirements (GDPR, ISO 27701, SOC 2, etc.).

This role ensures that all personal data is processed lawfully, securely, and transparently across the organization through effective governance, documentation, DSAR handling, vendor assessments, and incident-management coordination.

Key Responsibilities

A.

• Support the DPO in implementing and maintaining compliance with the Digital Personal Data Protection Act, 2023 and GDPR requirements
• Maintain and update the Record of Processing Activities (ROPA) and enterprise-wide data inventory across HR, IT, Sales, Delivery, Marketing, and Vendor functions.
• Assist in preparing privacy notices, consent language, internal guidelines, and data-handling SOPs.

B. DSAR & Rights Handling

• Manage the end-to-end workflow for Data Principal Rights: Access, Correction, Erasure, Consent Withdrawal, and Grievances.
• Maintain DPDP-compliant logs, turnaround times, and reporting dashboards.

C. Privacy Governance & Documentation

• Draft, update, and operationalise policies, including:
• Data Retention & Disposal
• Information Handling & Access
• Vendor Data Protection Guidelines
• Breach Response SOP
• Maintain structured documentation aligned with ESG, ISO 27001/27701, SOC2 and client contract requirements.

D. Vendor & Third-Party Compliance

• Conduct privacy/security assessments for new vendors and tools.
• Review vendor DPAs, NDAs, and data-handling terms under supervision of the Head LRC and DPO.
• Track and escalate high-risk vendor issues.

E. Awareness & Training

• Assist in rolling out privacy awareness programs, toolkits, intranet content, and mandatory training modules.
• Support delivery teams/HR/IT with compliance clarifications.

F. Incident & Breach Support

• Maintain the Breach Register and assist the DPO in triage, documentation, evidence collection, and root-cause analysis.
• Coordinate with InfoSec, IT, HR, and Legal during investigations.

G. Audit & Reporting

• Support internal audits, client audits, vendor audits, and certification assessments (ISO 27701, SOC2).
• Prepare monthly compliance reports for MD/CEO and governance decks for the Board, as required by the DPO

Required Qualifications & Experience

• Education: Bachelors degree required; preference for Law, IT, Management, Cybersecurity, or related fields.

Experience

• 7-9 years of experience in:
• Data privacy
• Legal/compliance
• Information security
• Risk management
• Governance or IT audits

(Experience can be mixed across these domains; direct privacy experience is preferred but not mandatory.)

Skills

• Strong understanding of privacy principles, the DPDP Act, the GDPR and general compliance frameworks.
• Ability to interpret policies, draft documents, and manage structured workflows.
• Good coordination skills across IT, HR, Legal, Delivery, and Operations.
• Strong written & verbal communication.
• Ability to handle sensitive incidents confidentially and professionally.

Certifications (Preferred but not mandatory)

• DCPP (Data Protection Professional – India)
• CIPP/A, CIPP/E, CIPM or equivalent
• ISO 27001/27701 Internal Auditor
• Any recognised privacy or cybersecurity certification

Key Competencies

• Integrity & independence
• Analytical and process-oriented thinking
• Stakeholder management capability
• Meticulous documentation skills
• Ability to escalate issues appropriately
• Understanding of risk and control frameworks

Key Outcomes (First 12 Months)

• Up-to-date ROPA and organisation-wide data map.
• Fully operational DSAR & grievance workflow.
• Updated privacy notices, policies, and internal SOPs.
• Vendor privacy review process established.
• Privacy training delivered to all employees.
• Quarterly compliance dashboards ready for MD/CEO and Board reporting

Get empowered by NTT DATA Business Solutions!

• Are you the person we're looking for? If yes, we look forward to receiving your application for this vacancy. Write to

  satyendra.tvnr@bs.nttdata.com