Category: Technology

Time: Full time

Location: Delhi

Data Protection Officer

Qualifications - 

BTech/MCA, Bachelors/Masters in computers / IT 


Experience - 

8–12+ years of overall experience including - Data protection and privacy compliance - ISO 27701, GDPR, Information security roles


Proven experience in:

Implementing and managing privacy programs

Conducting Data Protection Impact Assessments (DPIAs)

Handling Data Principal / Data Subject rights

Managing privacy incidents and breach response

Experience in regulated industries such as: BFSI / PAPG / Fintech - Payments, banking, or financial services


Exposure to regulatory and audit environments, including:

DPDP Act, IT Act, GDPR, RBI guidelines, ISO 27701 / ISO 27001 audits

Experience working with cross-functional teams (IT, Security, Legal, Compliance, HR, Product)


Certifications (Desirable)

1. ISO/IEC 27701 Lead Implementer or Lead Auditor

2. ISO/IEC 27001 Lead Implementer or Lead Auditor

3. CISA/CISM


Job Description 

1. Act as the designated Data Protection Officer in accordance with ISO 27701, the DPDP Act, 2023, and other applicable regulations.

2. Ensure organisation-wide compliance with applicable data protection laws and regulations.

3. Establish, implement, and maintain an effective Privacy Information Management System (PIMS - ISO 27701).

4. Advise senior management on data protection obligations, risks, and compliance posture.

5. Embed Privacy by Design and Privacy by Default principles across business processes and systems.

6. Conduct and review Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

7. Maintain and periodically update the Record of Processing Activities (ROPA).

8. Oversee lawful collection, use, retention, and deletion of personal data.

9. Manage and monitor the handling of Data Principal rights and grievance redressal requests.

10. Serve as the primary point of contact for data protection authorities and regulators.

11. Support identification, assessment, and response to personal data breaches.

12. Coordinate breach notification activities with Legal, Compliance, and Information Security teams.

13. Review and approve data protection and privacy clauses in vendor, merchant, and partner agreements.

14. Assess and monitor privacy risks arising from third-party engagements and data sharing arrangements.

15. Conduct periodic privacy audits and compliance assessments.

16. Design and deliver privacy awareness and training programs for employees.

17. Monitor adherence to internal privacy policies, standards, and procedures.

18. Report data protection risks, incidents, and compliance status to senior management and the Board.



About Company

SabPaisa (SRS Live Technologies) is an RBI Authorised Payment Aggregator. 

Founded in 2016 with headquarters in New Delhi, a corporate office in Kolkata, and regional offices across the country, it is a rapidly advancing fintech company. SabPaisa is dedicated to providing simplified payment solutions, offering customizable options tailored to the client’s unique needs. 


How are we different:


SabPaisa’s dynamic, PCI-DSS and SSL-certified payment gateway offers secure online checkout with diverse options—Cards, Net-Banking, UPI, Wallets, and offline choices like e-Cash, e-NEFT & Bharat QR, available at nearly 10 Lac Cash Counters nationwide.

Our white-labelled payments and collection suite partners with banks like BOI, BOB, IDFC First, Canara, UBI & Indian Bank, processing over INR 94.9 billion.


Introduction Video: https://www.youtube.com/watch?v=K7Z7A059faE