Digital - Data Privacy Manager

Godrej Enterprises Group

Godrej Enterprises Group (comprising Godrej & Boyce and its subsidiaries) has a significant presence across diverse consumer and industrial businesses spanning Aerospace, Aviation, Defence, Engines and Motors, Energy, Locks & Security Solutions, Building Materials, Green Building Consulting, Construction and EPC Services, Heavy Engineering, Intralogistics, Tooling, Healthcare Equipment, Consumer Durables, Furniture, Interior Design, Architectural Fittings, IT solutions and Vending Machines.

KRA:

• Lead the development and execution of comprehensive privacy programs, including policies, procedures, and templates. Identify gaps in privacy processes.
• Improve overall compliance from Data Privacy perspective
• Enhance awareness of Privacy initiatives
• Develop and publish metrics

About the Role:

Data privacy is highly important in India because it is considered a fundamental right under the Indian Constitution, i.e individuals have the right to control their personal information and protect it from unauthorized access, which is crucial to prevent identity theft, financial fraud, and other forms of misuse, especially with the growing digital landscape in the country.

The recent "Digital Personal Data Protection Act" further emphasizes this protection by regulating how companies collect and handle personal data. Godrej Enterprises Group is looking to prioritize data privacy to maintain customer trust, comply with regulations, and avoid potential legal repercussions from data breaches.

Godrej Enterprises Group is looking to prioritize data privacy to maintain customer trust, comply with regulations, and avoid potential legal repercussions from data breaches.

This position will lead privacy initiatives and ensure organizational compliance with data protection regulations. He/she should have a deep understanding of privacy concepts, laws and a proven track record in managing privacy programs within complex environments.

Lead the development and execution of comprehensive privacy programs, including policies, procedures, templates and Identify gaps in privacy processes-

• Work with business teams to understand the business's current use of Personally Identifiable Information (PII).
• Work with Privacy partner to identify gaps and work towards the remedial options suggested.
• Manage privacy incidents, including breach investigations and reporting.
• Develop and enhance consent management framework.
• Oversee vendor and third-party data privacy compliance, including contract negotiations and audits.

Improve overall compliance from Data Privacy perspective-

• Build good connections with peers in BUs and their IT SPOCS.
• Identify gaps as per applicable privacy law.
• Improve by implementing appropriate technologies & processes.
• Serve as the primary point of contact for privacy-related matters for internal stakeholders, data subjects and for regulatory authorities.
• Monitor and respond to changes in privacy legislation, ensuring the organization adapts to remain compliant.
• Conduct advanced Data Protection Impact Assessments (DPIAs), and risk assessments to identify and mitigate privacy risks.
• Prepare and update Records of Processing Activities (RoPAs) mapping the lifecycle of personal data across business processes.

Enhance awareness of Privacy initiatives-

• Use all the channels such as regular communication to all employees, e-modules, workshops, Digi TALKS / relevant stakeholders to keep their awareness level up to date on Data Privacy
• Build a good connection with stakeholders and drive maximum adoption of overall Privacy initiatives.
• Prepare mandatory and role-specific privacy training and awareness programs for the organization.

Develop and publish metrics-

• Deliver executive-level reporting on privacy metrics, risks, and program effectiveness.
• Build and share matrices with CISO and CSC members from Privacy perspective
• Help CISO to drive Privacy related campaigns
• Assist with data protection audits and manage privacy risk register for the organization.

Essential:

Bachelor/master’s degree in computer science/ IT /Privacy or any field.

In-depth knowledge of global privacy laws and frameworks, including GDPR, DPDPA, HIPAA, and others.

Overall 8 -10 years in Cybersecurity domains and relevant 3-5 years of experience in privacy compliance and data protection.

Preferred

Professional certifications such as ISO 27001:2022 / CISA / CISM / DCPP / DCPLA / CIPP/E, CIPM, CIPT, or equivalent is desirable but not mandatory.

Special Skills Required:

Technical Skills –

• In-depth knowledge of global privacy laws and frameworks, including GDPR, DPDPA, HIPAA, and others.
• Good understanding of data protection technologies such as DLP, Data classification, CASB, Access control etc.
• Good understanding of Privacy platforms / technologies to meet DPDP Act or other privacy act requirements.
• Experience in managing privacy programs, incidents and compliance audits.

Soft Skills -

• Good communication and analytical skills
• Questions status quo and navigates through roadblocks
• Using judgment and ingenuity in maintaining objectives and technical standards.
• Self-motivating and able to work under own initiative.
• Able to thrive in a highly pressurized and changing environment.
• Diplomatic with the ability to interact successfully with all levels of the business.
• Strong project management skills with the ability to lead cross-functional teams.
• Professional with strong work ethics.
• Ability to work outside of working hours.
• Strong security mindset and a fast learner.
• Thinks out of the box
• Identify and assists in maturing capability gaps
• An ability to translate privacy requirements and standards into easily understood business concepts and vice versa.

Preferred Skills Required:

• Self-motivating and able to work under own initiative.
• Good stakeholder communication skills
• Strong security mind set
• Good stakeholder communication skills
• Excellent command on English language