Data Privacy Manager

Job Purpose

The Manager / Senior Manager Data Privacy will be responsible for establishing, implementing, and overseeing the organizations data privacy framework to ensure compliance with applicable privacy and data protection laws, including the Digital Personal Data Protection (DPDP) Act, and other global regulations where the organization operates or plans to expand.

This role will act as a key advisor to business and technology teams, ensuring that privacy principles are embedded into processes, systems, products, and vendor engagements, while also leading breach response, privacy assessments, and awareness initiatives.

Key Responsibilities

1. Privacy Governance & Framework

• Lead the formulation, enhancement, and maintenance of enterprise-wide data privacy policies, standards, and procedures for collection, processing, storage, transfer, and deletion of personal data.
• Design and develop a comprehensive Data Privacy Framework aligned with DPDP Act and other applicable global data protection laws.
• Develop a detailed roadmap for implementation of privacy-related controls across business units.
• Identify internal initiatives to strengthen data privacy maturity and governance.

2. Regulatory Compliance & Advisory

• Ensure compliance with data privacy regulations applicable to jurisdictions where the company operates or plans to expand.
• Act as a subject matter expert on privacy matters for both Data Controller and Data Processor responsibilities.
• Liaise with external Privacy and Data Protection counsels for expert opinions, audits, and regulatory interpretations.
• Review and respond to privacy requirements, questionnaires, and audits from clients and regulators.

3. Business & Technology Partnership

• Proactively partner with cross-functional teams (HR, Finance, Legal, Facilities, IT, Product, Security, CCD, CAG, etc.) to ensure new technologies, processes, and solutions are compliant with privacy regulations.
• Assess new and existing systems, applications, processes, and third-party engagements for privacy risks.
• Provide privacy advisory during development or enhancement of internal systems and business processes.

4. Privacy Risk Assessments & Controls

• Conduct Data Privacy Gap Assessments for in-scope departments, applications, and processes.
• Perform Privacy Impact Assessments (PIA/DPIA) for new technologies and initiatives such as:
• BYOD programs
• Biometric authentication systems
• Mobile and web applications
• Digital platforms and internal tools
• Analyze risks related to Personally Identifiable Information (PII) and recommend mitigation strategies.
• Advocate and implement Privacy by Design and Privacy by Default in products and platforms.

5. Data Breach & Incident Management

• Lead the end-to-end data privacy breach handling process, including:
• Incident assessment
• Regulatory notification support
• Root cause analysis
• Corrective and preventive actions
• Monitor closure of identified gaps and ensure sustained compliance.

6. Individual Rights & Data Subject Requests

• Manage processes related to personal data access requests (DSARs), including review, response coordination, and documentation.
• Ensure requests are handled within statutory timelines and in accordance with legal requirements.

7. Third-Party & Vendor Privacy Risk

• Assess subcontracting and outsourcing arrangements involving personal data processing.
• Recommend privacy controls and review inclusion of appropriate data protection clauses in vendor and client contracts.
• Conduct privacy compliance checks on third parties and internal solutions.

8. Training, Awareness & Continuous Improvement

• Design and deliver privacy training and awareness programs for employees and stakeholders.
• Promote a privacy-conscious culture across the organization.
• Participate in strategic improvement initiatives related to risk, compliance, and governance.
• Monitor implementation effectiveness and continuously improve privacy processes.

Qualifications & Experience

Educational Qualifications

• Graduate or Postgraduate degree in Law, Information Security, Risk Management, IT, or a related field.

Experience

• Minimum 8 years of experience in data privacy, data protection, or privacy operations.