SCM – Privacy Officer – (THN) Full Time

A Privacy Manager plays a critical role in ensuring compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). The position involves overseeing privacy governance, implementing consent and notice frameworks, Policy & Procedures, managing grievance redressal, and acting as the single point of contact with the regulatory body. Core responsibilities include conducting Data Protection Impact Assessments (DPIAs) for high-risk processing, monitoring compliance with retention and erasure norms, handling rights requests, and managing data breaches. The role also requires developing privacy policies, training employees, and embedding privacy by design in financial products and digital platforms.

Functional skills include deep knowledge of the DPDP Act and sectoral regulations (RBI guidelines, SEBI norms are additional), risk assessment, incident management, and familiarity with Technology, IT security controls, encryption, and data governance frameworks. Certifications like DCPP / DCPLA (DSCI), FDPPI privacy certification, CIPM, CIPP/E, and ISO 27001:2022 Lead Auditor, ISO 27701 Implementer are highly valued.

Education Background: Bachelor’s / Master’s degree in law, Cyber Security, Information Technology, Information System

Year of experience: 10 to 14 year of work experience

Soft skills : Strong communication to explain complex privacy concepts to business and tech teams, stakeholder management across compliance, IT, and operations, analytical thinking for risk mitigation, ethical judgment, and leadership to drive a privacy-first culture in a highly regulated environment.

Key Result Areas (Max 1325 Characters)

Supporting Actions (Max 1325 Characters)

Ensuring compliance & designing frameworks.

• Privacy Manager is responsible for oversight on the Organization data privacy framework and ensuring compliance with applicable laws and regulations
• Ensure compliance with the Digital Personal Data Protection Act (DPDPA), IT Act and adherence to all rules, operating guidelines and reporting requirements under these Acts.
• Work closely and effectively in collaboration with Central DPO & all functions, to ensure complete compliance and control over the Framework
• Ensure the data privacy and protection control and testing framework is built into the organizational ORM framework
• Ensure process of communication, reporting and accountability is in place for intimation of “Data breach” to all the affected Data Principals and also to the DPDP Board.

Conduct Assessments & Data Testing

• Conduct data protection impact assessments and take necessary steps to mitigate the risks and take necessary measures to fix the gaps
• Actively engage and co-ordinate with all relevant departments within the organization, to maintain the data privacy protocols
• Ensure reasonable security safeguards are in place and meet all the requirements required of a Data Fiduciary
• Ensure that Data Processing controls are well established and effective checks are in place, including any data, which may be published or processed outside India if any.

Ensure Awareness

• Ensure organization wide training and awareness is conducted regularly and ensure that each employee and third-party vendors, fully comprehend and adhere to the guidelines.
• Be the focal point of contact for queries and issues related to the client data
• Support the Auditors in the process of data protection audit and assurance, and ensure the Audit gaps and findings are duly addressed