Senior Manager - IT Governance & Data Privacy - Life Insurance Firm (5-10 yrs)

Our client is one of the leading private sector Life Insurance Company. It is listed on National stock exchange (NSE) and Bombay stock exchange (BSE).

Role- Senior Manager - IT Governance and Data Privacy

Department - Cyber Security Team

Location - Mumbai

Key Responsibilities

- Assist in review of information and cyber security policy, guidelines and procedures

- Conduct information security risk assessments for existing and new areas

- Assist business teams to conduct risk assessment, or information security related documentation

- Implement privacy governance framework to manage data use in line with privacy regulations

- Develop/review templates for data collection, assisting with data mapping, storage and retention

- Working with internal stakeholders for review of projects related data to ensure compliance

- Assist in conducting data privacy impact assessments as per the requirements.

- Serving as the primary point of contact for internal/external stakeholders for data protection

- Reviewing vendor contracts and consents needed to implement projects

- Assist in providing information and updates to internal governance committees

- Managing and conducting ongoing reviews of privacy governance framework

- Monitoring changes to privacy laws and providing suitable recommendations

- Develop/review policies, standards and procedures as per the requirements of privacy regulations

- Develop and deliver privacy training to various business functions as per the requirement

- Drive strategies and initiatives to ensure engagement with key internal and external stakeholders

- Implement, monitor and manage consent and request as per service levels

- Oversee information security audits, performed by organization or third-party

- Co-ordinate for audit requirements and be single point of contact for any data requirements, discussion with internal teams, discussing the audit findings, tracking implementation and closure

- IS and data privacy user awareness program management

- Maintain IS/data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, request or notifications.

Qualification / Experience

- MBA Information Security/ Computer Engineering Graduate with working knowledge in the domain of IS governance, data security and privacy.

- Relevant experience of 5-7 years in the domain of Information security governance and Privacy.

- Working knowledge of IS and Privacy risk assessment and conducting control reviews

- Good understanding of technology components, software applications & IT infrastructure, security architecture and frameworks.

- Hold Certifications such as ISO27701, CDPSE, CISSP, ISO 27001