Privacy Analyst - Data Security (1-5 yrs)

Job location : Remote in India

About the role :

As a Privacy Analyst, you will be accountable to define and shape out Sun King's Data security requirements. Your role will involve working with data owners to grasp their data security requirements, designing solutions, enabling necessary tools, and assisting in the implementation and configuration of these tools. Guide data owners to meet regulatory compliance requirements.

What you will be expected to do :

(1) Data Security & Risk Management :

- Work with business, security, and technical teams to grasp their data security goals, difficulties, and compliance requirements.

- Develop data security frameworks, policies, and roadmaps aligned with business needs, industry best practices, and compliance mandates.

- Establish and implement data protection mechanisms such as encryption (AES, RSA, TLS), tokenization, and hashing techniques.

- Conduct data security risk assessments to identify vulnerabilities, classify critical data, and implement remediation measures.

- Define and manage data access controls (AuthN/AuthZ) using RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), OAuth, SAML, MFA, and PAM (Privileged Access Management).

- Work with Security Operations and Incident Response teams to detect, address, and mitigate data breaches and unauthorized access.

(2) Data Privacy, Compliance :

- Ensure compliance with global privacy laws (GDPR, CCPA, PDPB India, NDPR Nigeria, Data Protection Act Kenya, etc.) and industry standards such as ISO 27001, SOC 2.

- Stay updated on regulatory frameworks across Sun King's operating regions (India, Kenya, Nigeria, etc.) and translate these into actionable security controls.

- Develop and maintain Privacy by Design (PbD) and Security by Design guidelines in all data processing workflows.

- Define data minimization strategies and implement privacy-enhancing techniques (PETs) such as differential privacy, synthetic data, homomorphic encryption, etc.

- Implement pseudonymization and anonymization techniques for personal data protection in information, reporting, and cross-border data transfers.

- Create data retention & disposal policies based on regulatory retention requirements and risk considerations.

(3) Tools & Technologies Implementation :

- Deploy Data Discovery & Classification tools (e.g., BigID, Varonis, Microsoft Purview) for identifying and categorizing critical data.

- Implement Data Loss Prevention (DLP) solutions (e.g., Symantec DLP, Microsoft Sentinel DLP) across endpoints, cloud, and email.

- Monitor Cloud Security & Access Control using CASB (Cloud Access Security Brokers) to prevent unauthorized data dissemination and shadow IT.

- Enforce data tagging & tracing techniques to monitor data flow across structured and unstructured repositories.

- Securely integrate data processing pipelines using API security best practices, secure tunneling (SSL/TLS), and secure key management (HSM, Vault, AWS KMS, Azure Key Vault).

(4) Data Governance & Security Operations :

- Work with Legal, Compliance, and IT teams to establish Data Protection Impact Assessments (DPIAs) for high-risk data processing activities.

- Define and enforce data subject rights processes, such as DSARs (Data Subject Access Requests), Right to Erasure, and Right to Rectification, per GDPR and regional laws.

- Conduct periodic audits and gap assessments to identify compliance deviations and drive continuous improvements.

- Implement automated compliance monitoring and reporting dashboards to track data security metrics and KPIs.

You might be a strong candidate if you have/are :

- Minimum 1+ year of formal education in Privacy, Cybersecurity, or Data Protection or a bachelor's degree in Cybersecurity, Information Security, Privacy Law, or a related field.

- Possess at least one industry certification :

- Privacy : CIPP/E, CIPT, CDPSE

- Security : CISSP, CISM, CCSP

- Cloud Security : CCSK, AWS Certified Security - Specialty

- Hands-on experience in privacy-enhancing technologies, data security frameworks, and regulatory compliance.

- Strong grasp of data security architecture, encryption methods, identity & access management (IAM), and zero-trust principles.

- Good communication and stakeholder management skills to work with cross-functional teams.