Job Description & How to Apply Below
Purpose of this Role:
We are seeking a seasoned Data Protection Officer (DPO) to spearhead our data privacy, protection, and compliance program across the enterprise. The DPO will lead the design, implementation, and oversight of data protection controls aligned with India’s DPDP Act, 2023, GDPR, and other applicable global privacy regulations. This role is responsible for advising the business, assessing privacy risks, ensuring lawful processing of personal data, and acting as the primary point of contact for data principals, supervisory authorities, and internal stakeholders.
The ideal candidate brings deep expertise in privacy law, strong governance and risk management acumen, and a pragmatic, business-enabling mindset—balancing compliance requirements with operational realities.
KEY INTERFACES OF THIS ROLE:
1) Governance, Policy & Strategy
Establish and maintain the Privacy Governance Framework: policies, standards, data classification schemes, retention schedules, and lawful processing bases.
Develop the organizational privacy roadmap, aligned to business objectives and regulatory timelines.
Chair or co-chair the Privacy Steering Committee; provide updates to executive leadership and board when required.
2) Regulatory Compliance & Advisory
Ensure compliance with DPDP Act, 2023 (India), GDPR, and other relevant jurisdictions (as applicable).
Serve as the independent advisor to business units on data processing activities, consent management, and lawful bases.
Monitor regulatory developments; interpret changes and translate into actionable controls and training.
3) Data Protection Impact Assessments (DPIA) & Privacy by Design
Lead DPIA / PIA / LIA processes for high-risk processing, new products/features, vendor onboardings, and data sharing.
Embed privacy by design and default into product development life cycles (SDLC), procurement, and marketing workflows.
Review and approve data flows, purpose limitation, minimization, and retention strategies.
Deploy and implement DPDPA tools including Consent Management, Revocation etc
4) Data Subject Rights (DSR) & Incident Response
Operationalize processes for data principal requests (access, correction, erasure, grievance redressal), ensuring timely SLAs and auditability.
Coordinate privacy incident response: detect, assess, triage, notify, and remediate breaches; manage regulator and stakeholder communications.
5) Vendor, Cross-Border & Contractual Controls
Oversee third-party risk and data processing agreements (DPAs): due diligence, SCCs/BCPs, contractual clauses, and audits.
Govern cross-border data transfers, ensuring lawful mechanisms and technical safeguards (e.g., encryption, tokenization).
6) Awareness, Training & Culture
Design and deliver privacy training, role-based awareness modules, and behavior change initiatives.
Promote a privacy-first culture across functions (IT, HR, Marketing, Finance, Operations, Product).
7) Reporting, Metrics & Audit
Define and track privacy KPIs/KRIs: DSR SLA performance, DPIA completion, vendor risk posture, incidents, training coverage, and audit findings.
Coordinate internal/external audits; maintain evidence for compliance and assurance.
8) Stakeholder Management
Act as the primary liaison with supervisory authorities, data principals, and internal stakeholders.
Partner closely with Legal, IT Security, Risk, Compliance, Product, and HR to ensure end-to-end alignment.
UNIQUE ACCOUNTABILITY:
Regulatory compliance readiness for DPDP Act, GDPR (where applicable), and relevant sectoral norms.
Accuracy and completeness of privacy documentation (Records of Processing Activities, DPIAs, retention schedules).
Timely DSR handling and incident notification within statutory timelines.
Core Technical
Skills:
- Regulatory interpretation & practical application.
- DPIA, ROPA, and DSR process design and execution.
- Privacy by design integration into SDLC and product roadmaps.
- Policy writing & governance with measurable controls.
- Stakeholder influence & executive communication.
- Metrics, reporting, and audit coordination.
- Cross-functional program leadership.
Additional Knowledge:
- Hands-on with privacy tooling:
One Trust, Trust Arc, Collibra, BigID, or…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×