Manager - Data Privacy and Regulatory Compliance

Job Role - Privacy and Regulatory Compliance Manager

Role Summary

• PRCO (Privacy and Regulatory Compliance Officer) is responsible for execution of the global compliance and privacy program for India region.
• This position reports directly to Privacy and Regulatory Compliance Officer (PRCO).

Certifications

- CISA/CISM/CISSP/ISO 27001/ISO 27701 (Any one)

- CIPT/CIPM/CIPP/Internal Auditor certification (Preferred)

Mandatory Skills

- 5 Years experience in information security, privacy, risk management (Compliance).

- Proficient in MS Office.

- Strong knowledge for Data Privacy and Information Security Domain.

- Experience in project management that has managed projects from inception to implementation.

- Working knowledge of Data Privacy Regulations with an Information security or Privacy certification from the IAPP/ISACA/ISC2/ISO or the ability to gain CIPP Certification within the first 6 months in the position.

- Strong analytical skills and the ability to apply critical thinking skills to a given problem or project.

Competencies

- Makes Decisions

- Builds Collaborative Relationships

- Supports Innovation & Continuous Improvement

- Maintains composure

Roles and Responsibilities

• PRCO is responsible and accountable for the following activities as well as other activities at the direction of the local leadership team or the Privacy and Compliance Office.

• Privacy Notice/Consent Form Communication and Reporting

- Ensure all new hires receive privacy notice/consent upon hire and all employees receive updated notices and consents as needed, working with local HR, and recruitment teams.

• Monitor appropriate notices and consent.

Evaluate and coordinate with the Privacy Office on the communication of any privacy notice and consent.

• Responsible for Privacy controls compliance and personal data processing activities and escalating new or changes to existing personal data processing activity to the Privacy Office.

• Ensure completion of Records of Processing (ROP) within OneTrust for Controller & Processor ROPs, including:

- Ensure new or changes to existing personal data processing activities are appropriately documented and/or updated (controller and processor).

- Ensure new clients or changes to existing client processing activities are appropriately documented and/or updated.

- Coordinate with India IT and review IT ROPs to ensure accuracy, completeness, and regular updations.

- Coordinate with India Support Functions ensure that new personal data processing activities are appropriately documented in the ROP Controller and is regularly updated with any changes to existing activities.

- Records of Processing (ROP) Quality Review ensure completion and accuracy. Coordinate with functional team leads as necessary to ensure accuracy.

Client Contracts

- Work with Legal and Operations, ensure existing clients have been notified regarding data privacy amendments, the negotiation process has been initiated, and client contracts have been updated with data privacy amendments as needed.

- Work with Business Development, SAM, or local Account Managers, as appropriate, ensure liaison with the Legal Department so that contracts with new clients include the appropriate data privacy provisions.

Vendor Due Diligence / Privacy Assessment Review

- Ensure the Privacy Due Diligence process is conducted on all existing, as well as new vendors for the country or subsidiary working with both local procurement.

- In accordance with the process established by the Privacy Office, review and approve completed Vendor Due Diligence Questionnaires, or escalate as needed to Country Privacy Lead.

- In coordination with Procurement team, ensure that the Privacy Due Diligence process is completed prior to any new vendor contract execution.

- Assist PRCO in TPSC proposal privacy assessment review.

Data retention

- Monitor the ramp down processes and ensure the data is surrendered to client / purged from TP environment within 90 days of contract termination.

- Reporting and providing specific reporting metrics as required by the Privacy Office on a regular and consistent basis.

Act as a POC for BCR/GDPR and/or ISO and other audits, Regional / Global Projects

Role Summary

• PRCO (Privacy and Regulatory Compliance Officer) is responsible for execution of the global compliance and privacy program for India region.
• This position reports directly to Privacy and Regulatory Compliance Officer (PRCO).