Login Sign Up

Data Privacy Practitioner

DPDP Consultants

2 - 5 years

Pune City

Posted: 29/06/2026

Job Description

About the Role

We are seeking a highly motivated and detail-oriented Data Privacy Practitioner to join our Information Security & Compliance team in Pune. In this pivotal role, you will be responsible for establishing, maintaining, and continuously improving our data privacy and protection framework. You will work cross-functionally to embed privacy-by-design principles across the organization, manage regulatory compliance obligations, and serve as a trusted advisor on all matters relating to data governance, risk, and security.



Key Responsibilities

Data Privacy & Compliance

Design, implement, and maintain a comprehensive Data Privacy Management Program aligned with applicable regulations (DPDPA, GDPR, ISO/IEC 27701).

Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new and existing processes, systems, and products.

Develop, review, and update privacy policies, notices, consent frameworks, and data processing agreements (DPAs).

Monitor and ensure compliance with evolving global data protection regulations and advise business units on regulatory obligations.

Manage data subject requests (DSAR) : including access, rectification, erasure, portabilitywithin stipulated timelines.



Risk Management

Identify, assess, and document data privacy and information security risks across the organization using structured risk methodologies.

Develop and maintain risk registers, risk treatment plans, and mitigation strategies in coordination with the risk and compliance team.

Conduct periodic risk assessments and gap analyses against ISO 27001, NIST, and applicable data protection standards.

Track and report residual risks, Key Risk Indicators (KRIs), and risk remediation progress to senior stakeholders.

Support incident response activities involving personal data breaches from detection and containment to notification and post-incident review.



GRC (Governance, Risk & Compliance) Operations

Operate and administer GRC platforms (e.g., OneTrust, ServiceNow GRC, RSA Archer, MetricStream, or similar tools) to manage compliance workflows, control libraries, and evidence repositories.

Configure and maintain privacy and risk modules within GRC software to automate compliance tracking and reporting.

Generate dashboards, metrics reports, and compliance status updates for leadership and audit committees.

Coordinate internal and external audits, including evidence collection, walkthroughs, and management of audit observations.



ISO 27001 Audit & Information Security

Lead and manage ISO 27001 surveillance and re-certification audits as a certified Lead Auditor.

Develop, review, and update the Information Security Management System (ISMS) documentation policies, procedures, SOA, and control objectives.

Plan and execute internal ISO 27001 audits, prepare audit reports, and track corrective action plans (CAPAs) to closure.

Collaborate with IT, DevOps, and business teams to implement and validate technical and organizational controls aligned with Annex A.



Collaboration & Stakeholder Management

Partner with Legal, HR, IT, Product, and Business teams to embed privacy and security requirements into processes and projects.

Serve as the primary point of contact for internal teams, external auditors, regulators, and third-party vendors on data privacy matters.

Deliver privacy awareness training and workshops to employees across departments.

Support vendor due diligence assessments from a data privacy and security perspective, including third-party risk reviews.



Required Qualifications

Education

Bachelor's degree in Computer Applications (BCA) or Bachelor of Science in Computer Science (B.Sc. CS).

Additional certifications in Information Security or Data Privacy will be a strong advantage.



Experience

3 to 5 years of hands-on experience in data privacy, information security, or GRC roles.

Demonstrated experience working with GRC platforms (OneTrust, RSA Archer, ServiceNow GRC, MetricStream, or equivalent).

Proven experience conducting ISO 27001 audits as a Lead Auditor.

Practical knowledge of data protection regulations including GDPR, India's DPDPA, and related frameworks.

Experience managing data subject rights, consent management, and privacy incident response.



Certifications

ISO 27001 Lead Auditor (mandatory) PECB, BSI, or equivalent accreditation body.

CIPP/E, CIPM, CIPT (IAPP)preferred.

Certified Information Privacy Professional / Manager (CIPM)preferred.

ISO 27701 Lead Implementer/Auditor preferred.


Technical Skills & Tools

Domain Knowledge Domain KnowledgeD Tools & Platforms

GDPR / DPDPA / ISO 27001

Privacy Impact Assessments (PIA/DPIA)

Risk Assessment Methodologies

Data Classification & Governance

Incident Response & Breach Notification

Vendor / Third-Party Risk Management


Tools and Platforms

OneTrust / TrustArc

RSA Archer / ServiceNow GRC

MetricStream / ZenGRC

Jira / Confluence (audit tracking)

MS Office Suite / SharePoint

SIEM tools (awareness level)


Core Competencies

Excellent Communication

Clearly articulate privacy requirements, risks, and audit findings to both technical and non-technical audiences written and verbal.

Proactive Approach

Anticipate privacy and compliance risks before they materialise; independently drive initiatives without waiting to be directed.

Cross-functional Collaboration

Build strong working relationships across Legal, IT, HR, Product, and Business teams to embed privacy into every function.

Analytical Thinking

Ability to assess complex data flows, identify gaps in controls, and translate risk findings into actionable recommendations.

Attention to Detail

Meticulous in documentation, evidence management, audit trail maintenance, and regulatory reporting.

Stakeholder Management

Effectively manage relationships with regulators, external auditors, senior leadership, and technology vendors.


What We Offer

Opportunity to work on a comprehensive, organization-wide privacy and security programme.

Exposure to international data protection regulations and cross-border compliance challenges.

Collaborative, growth-oriented work culture with strong leadership support.

Continuous learning support certifications, training, and conference participation.

Competitive compensation aligned with market standards for Pune.

Services you might be interested in

We Search & Apply Jobs for You!

Our team scans through 1000s of opportunities and applies to roles best suited to your profile

Save 100+ hours and focus on what matters - cracking interviews and landing offers.