Job Description
Role Accountability
- Lead and oversee SBI Card's Data Protection program and related initiatives
- Manage and monitor compliance with all applicable Data privacy laws, regulations, and standards including DPDPA, GDPR etc.
- Perform regular compliance assessments and reporting, i.e. Data Privacy Impact Assessment (DPIA)
- Work with business and technical team members, third party vendors and auditors to ensure adherence to all applicable Data protection laws, regulations and standards
- Provide periodic and ad hoc security awareness training for employees/contractors to increase Data Protection awareness pertaining to their job functions and evaluate training effectiveness
- Recommend and develop KPIs and metrics to evaluate the Data protection / Privacy program and related controls.
- Participate in planning, scheduling and preliminary analysis for all internal and external Data Protection / Privacy audits and assessments, maintain a list of outstanding audit actions, and work with the remediation team to remediate identified gaps
- Oversee process documentation and compliance adherence
Measures of Success
- Timely implementation of data privacy programs at org level
- Completion of privacy impact assessments as per schedule
- Timely reporting of data privacy incidents both internally and to the regulator as per the mandate
- Timely update and board approval of the data privacy policy
- No adverse observations in internal/external audits
- Timely completion of data privacy trainings for all eligible users
- Timely remediation of any findings or recommendations made by any of the internal or external assessors as part of privacy impact assessment
- Adherence to data privacy policy within the organization
Technical Skills / Experience / Certification
- Bachelor's Degree
- One or more certifications related to Privacy, i.e., Certified Information Privacy Professional (CIPP/E), Certified Data Privacy Solutions Engineer (CDPSE), Certified Information Privacy Manager (CIPM), DSCI Certified Privacy Professional, CISSP, DSCI Certified Data Protection Officer (DCDPO) or any other equivalent certification
- Experience in technical training and in conducting awareness sessions
- Experience in dealing successfully with different business and external stakeholders
- Experience working with IT programming or infrastructure, including certification in information security standards
- Experience in performing audits of information systems, attestation audits and risk assessments
- Knowledge of how to assess, develop and implement a Data Privacy program including drafting of privacy policies, standards, processes, procedures and technology provisions etc.
Overall experience in role: 12 - 14 years of post-qualification experience
Relevant Experience with respect to the role: 6 - 8 years of experience in working with privacy laws, including drafting of privacy policies, technology provisions, and working on compliance.