Job
Description
Role & responsibilities Play a key role in fostering a data protection culture within the organisation and helping implement essential elements of the data protection & confidentiality policy such as the principles of data processing, data subjects rights, data protection by design and default, records of processing activities, security of processing and notification and communication of data breaches. Policy and Procedure Development: Design, implement, and maintain data protection policies and procedures in line with relevant laws and best practices. Monitoring Compliance: Ensure the organization's adherence to privacy and data protection regulations, and regularly review the effectiveness of data protection controls. Legal Support & Data Protection Impact Assessments (DPIA): Oversee DPIAs to evaluate potential risks associated with the processing of personal data and provide legal guidance to mitigate those risks. Privacy Impact Assessment (PIA) & Risk Management: Conduct PIAs to identify and minimize privacy risks, and implement measures for risk management and mitigation. Data Protection Training & Awareness: Develop and deliver data protection training to all staff members, raising awareness of data security and privacy best practices. Vendor & Third-Party Risk Management: Evaluate and manage risks associated with third-party service providers and vendors to ensure their compliance with data protection requirements. Data Governance & Data Stewardship: Establish and oversee the organizations data governance framework, ensuring proper management, usage, and protection of data assets. Data Subject Requests (DSR) Management: Manage requests from data subjects regarding access to personal data, data deletion, or other data-related queries, ensuring full compliance with data protection regulations. Overall responsibility for monitoring compliance with Data Protection Policy; Liaison with IT to collect Data Leakage Prevention reports and analyse them. Identify and monitor the data processors whilst at work, ensuring that they deal with data in a manner consistent with the key data protection principles. To build understanding and awareness of data privacy issues throughout the organization, the DPO must have excellent communication and presentation skills Maintain excellent working relationships with business teams, Business Heads encouraging a positive culture of compliance and ethical behaviour by working with the business to achieve a shared vision and strategy. Develop and maintain a knowledge base for privacy and data protection laws as applicable to Protiviti India Member Firm Provide organizational compliance and conformance reports on privacy and data protection to the top management. Provide guidance to delivery and support functions on processing of personal data. Conduct Assessments, Review processes, identify gaps, and suggest mitigation and follow-up on the closure of identified gaps. Maintain data flow maps for the process where personal data is processed. Undertake data protection and privacy compliance audits in accordance with applicable requirements Support the business in identifying data protection and privacy risks by reviewing and advising on Data Privacy Impact Assessments as required. Take into account the risk associated with processing activities being undertaken and be able to advise the business accordingly having regard to the nature, scope, context and purposes of the processing. Keep track of changes in the relevant legislations related to Privacy and the Data Protection Acts, interpret, convert these requirements into controls and provide guidance to all stakeholders Development and update a comprehensive privacy awareness training program and promote awareness across the company Preferred candidate profile Education: Bachelor's degree in Law, IT, Computer Science, or a related field. A Masters degree in Data Privacy, Information Security, or Cyber Law is highly desirable. • Certifications (Required): Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM) Certified Information Security Manager (CISM) • Certifications (Good to have): Certified Data Privacy Solutions Engineer (CDPSE) ,Certified Information Systems Security Professional (CISSP) Experience: Minimum of 12-14 years of experience in Data Security, Privacy Management, or Information Security. Extensive experience with privacy laws and regulations, including GDPR, CCPA, DPDP Act, etc. Proven track record of implementing and managing data protection and privacy programs in large organizations
