Data Security Lead

Role & responsibilities

1. Data Protection Strategy & Governance:

1.1. Build a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of protected information across all media types.

1.2. Ensure data protection controls and policies are consistently applied across all data storage and processing facilities, including on-premises data centers, cloud environments (SaaS, PaaS, IaaS), and hybrid infrastructure.

1.3. Align data security governance with the overall data governance for the enterprise.

1.4. Monitor end-to-end data lifecycle and create appropriate policies and processes for data disposal.

Data Classification, DLP, and IRM:

2.1. Define, implement, and maintain the organization's Data Classification framework to accurately label and handle data based on sensitivity and regulatory mandates, ensuring framework coverage extends to all data locations.

2.2. Implement and manage the Data Loss Prevention (DLP) solution across endpoint, network, and cloud environments (including CASB) to prevent unauthorized data exfiltration.

2.3. Lead the strategy and execution of Information Rights Management (IRM) to ensure persistent protection for sensitive files both internally and externally.

2.4. Implement and manage data protection controls for the organization.

2.5. Ensure requisite technologies and systems are in place to control data, securing information for both internal customers (employees) and external customers.

Monitoring, Reporting, and Incident Response:

3.1. Oversee day-to-day operations and monitor incidents and threats related to data leakage or risk of leakage.

3.2. Lead the reporting and investigation of any data security risks or breaches related to data classification policy violations, DLP alerts, or unauthorized IRM usage.

3.3. Scan internal and external environment for identifying threats to data and plan to mitigate the identified risks through improvement in specific processes, policies, or technologies.

3.4. Oversee physical security operations aimed at securing critical data assets.

Regulatory & Project Management:

4.1. Ensure regulatory mandates are duly complied with.

Respond to ad-hoc requests and address queries posted by government and other regulatory authorities on data privacy and security matters.

Preferred candidate profile

1. Expertise in Data Loss Prevention (DLP), Information Rights Management (IRM), and Data Classification tools and best practices.
2. Demonstrable experience working in data protection compliance or a related field.
3. Expertise in Global & Indian data protection & privacy laws and regulations.
4. Experience in using & managing privacy tools like One Trust, Data Grail, Security etc.
5. Certification in ISO 27001 Implementation preferable.
6. Certifications on either CISA / CISSP/PMP preferable.
7. Strong analytical & problem-solving skills with ability to translate ideas into practical implementation.
8. Ability to manage stakeholder relationships including team members, vendors and partners.
9. Excellent leadership and communication skills with ability to present and communicate effectively with both technical and non-technical audience.
10. Ability to provide technical and professional leadership, guidance, and training to others.