Data Privacy Manager (5-7 yrs)

Location : Mumbai

Mode : Hybrid

Budget : 15 Lakh - 20 Lakh

Key Responsibilities :

Compliance and Governance :

- Develop and maintain a robust data privacy program that aligns with the Information Technology Act, 2000, and other applicable data privacy laws.

- Monitor compliance with data protection laws and internal policies through regular audits and assessments.

- Serve as the point of contact for data protection authorities and individuals whose data is processed (employees, customers, etc.).

Policy Development :

- Draft, implement, and update the organization's data protection policies and procedures.

- Ensure that data privacy policies are integrated into the organization's overall risk management and compliance framework.

Training and Awareness :

- Develop and conduct data protection and privacy training programs for employees and stakeholders.

- Promote data privacy awareness and culture within the organization.

Data Management and Security :

- Collaborate with IT, Business Units, LRM and Security teams to ensure data security measures are in place and effective.

- Manage data breach response processes, including notification and remediation efforts.

Legal and Regulatory Liaison :

- Stay current with changes in privacy laws and regulations and communicate these changes to the relevant stakeholders.

- Advise on contractual and legal matters related to data privacy, including data processing agreements.

Risk Management :

- Conduct data privacy impact assessments (DPIAs) for new projects, systems, or processes involving personal data.

- Identify and mitigate data privacy risks within the organization.

Incident Response :

- Manage and respond to data breaches and data subject access requests (DSARs).

- Ensure timely reporting of data breaches to regulatory authorities and affected individuals as required.

Qualifications :

- Bachelor's degree in law, Information Technology, Business Administration, or a related field. A Master's degree or professional certification (e.g., CIPP/E, CIPM, CIPT) is preferred.

- Extensive knowledge of data protection laws, including the Information Technology Act, 2000, and emerging data privacy regulations in India i.e. DPDPA and globally.

- Understanding of ISO 27001:2022, ISO 31000

- Minimum of 5-7 years of experience in data protection, privacy, compliance, or a related field.

- Proven experience in developing and implementing data protection programs.

Skills and Competencies :

- Strong understanding of Information technology and data management systems.

- Excellent analytical and problem-solving skills.

- Exceptional communication and interpersonal skills.

- Ability to work independently and as part of a team.

- High level of integrity and professional ethics.