Chief Manager / AVP – Governance Risk & Compliance (GRC) & Data Privacy

Government e Marketplace (GeM)

10 - 12 years

Delhi

Posted: 12/02/2026

Job Description

About GeM

Government eMarketplace (GeM) is a unified digital platform that facilitates end-to-end procurement of goods and services by various government departments, organizations, and public sector undertakings (PSUs). Our Honourable Prime Minister's concerted efforts to harness the power of digital platforms to achieve "Minimum Government, Maximum Governance" led to the genesis of GeM in 2016.


GeM provides a paperless, cashless and contactless ecosystem for government buyers to directly purchase products and services from pan-India sellers and service providers through an online platform. GeM covers the entire gamut of the procurement process, right from vendor registration and item selection by buyers to receipt of goods and facilitation of timely payments. GeM envisions utilising the agility and speed that come with a digital platform, created with a strategic intent to reinvigorate public procurement systems and bring about a lasting change for the underserved as well as the nation.


Built on the pillars of Efficiency, Transparency and Inclusivity, GeM has emerged as a digital tool in the nation's interest, aimed at catalyzing excellence in public procurement. To know more about us, please visit https://gem.gov.in/


You may also follow us on social media platforms like Twitter, LinkedIn, Koo App, YouTube, Facebook


GeM invites applications from eligible candidates for recruitment to the following position(s) on Contractual Basis:


This is a contractual engagement under the Project Management Unit (PMU) for an initial period of 5 years, extendable based on performance and organizational requirements.


Eligible applicants can apply by submitting their applications including CV by 17-Feb-26.


GeM selection committee reserves the right to relax or extend the eligibility criteria and educational qualifications. The crucial date for determining eligibility will be the last date of receipt of applications. No applications shall be entertained under any circumstances after the stipulated date. Incomplete applications without application form shall not be considered. GeM reserves the right to shortlist candidates for interview. Applicants should note that mere fulfilment of minimum eligibility criteria may not ensure consideration for short listing for interview. GeM will not entertain any correspondence on this subject and decisions of GeM will be final in all matters.


JOB SPECIFICATION

JOB SUMMARY

We are seeking an experienced Chief Manager or AVP for Governance, Risk & Compliance (GRC) & Privacy with a minimum of 10 years of experience in building governance and privacy programs in alignment with regulatory requirements and industry best practices. The ideal candidate will have the required skills in developing, implementing, and maintaining the organization's data privacy and compliance programs in alignment with regulatory requirements and industry best practices (such as DPDP Act, Aadhaar Act, ISO 27001, ISO 20000-1, ISO 22301 etc.), internal policies, and procedures. This role will oversee the privacy governance framework, manage risk assessments, conduct audits, and ensure adherence to applicable data protection laws across the enterprise.


The candidate will help build the required compliance framework to ensure security and compliance with relevant cyber security frameworks. Additional responsibilities will include defining and monitoring security KPIs/KRAs/SLAs, both internal and external.


ROLE AND RESPONSIBILITY:

  • Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with relevant standards and regulations (e.g., ISO 27001, ISO 22301, ISO 20000, PIMS, QMS, COBIT, Aadhaar Act, DPDP Act, GDPR).
  • Monitor compliance with Privacy, ISO requirements and internal policies and ensure appropriate privacy notices, consents, and breach notification processes are in place.
  • Develop, implement, and maintain the organization's privacy compliance framework in line with applicable laws and regulations (e.g., DPDP Act, GDPR etc.).

  • Responsible for building the Business Continuity practice and overseeing the development and implementation of disaster recovery and business continuity plans.
  • Establish security policies, procedures, and standards for both internal systems and client environments.
  • Act as a subject matter expert on data privacy and regulatory compliance, providing guidance to internal stakeholders.
  • Conduct regular business impact assessments (BIAs), privacy impact assessments (PIAs) / data protection impact assessments (DPIAs) for new systems, vendors, and processes.

  • Manage internal and external audits and assessments related to privacy and compliance.
  • Liaise with regulatory bodies as needed and ensure timely submission of required documentation.
  • Coordinate with Legal, IT, HR, and business units to ensure alignment and integration of privacy practices and compliance requirements.
  • Lead incident response for data breaches, including investigation, documentation, reporting, and corrective actions.
  • Any other responsibility as may be assigned from time to time.


EXPERIENCE REQUIREMENTS

  • Minimum of 11 years of progressive experience in GRC (Governance Risk and Compliance), ISO Standards such as ISO 27001, ISO 22301, ISO 20000, Privacy, Data protection, or Managing regulatory compliance.
  • At least 3 years of experience in data privacy regulations (DPDP / GDPR) and industry standards such as PIMS.
  • Strong understanding of DPDP Act and compliance frameworks.
  • Experience in conducting risk assessments, audits, and policy development.
  • Risk-based thinking and attention to detail
  • Strong problem-solving and analytical skills
  • Ability to influence and drive compliance culture
  • Ethical judgment and high integrity
  • Vendor / contract management of IT partners through SLAs, KPIs.
  • Exposure to agile methodologies and strong understanding of Project Management processes.
  • Ensure to share and update the Change Request documentation.
  • Experience with Dashboarding and reporting Management
  • Good Communication skills.


EDUCATION REQUIREMENTS


  • Bachelor's or Master's degree in Engineering/Technology/Computer Science/Information Technology/any related field from a reputed university.


GOOD TO HAVE SKILLS

  • Familiarity with compliance regulations and CSA (Cloud Security Alliance) / CIS Critical Security Controls / NIST frameworks and standards.
  • Candidate should have excellent troubleshooting capabilities and be experienced in diagnostic/tracing tools.
  • Develop and deliver ISO / privacy awareness and training programs for employees.
  • Maintain up-to-date knowledge of regulatory changes, case law, and best practices in privacy and compliance.
  • Experience in standards and certifications such as COBIT and QMS.
  • Basic understanding of Cloud Security technologies and experience in e-commerce domain will be an added advantage.
  • Knowledge of security and compliance requirements.
  • Having good understanding of Procurement processes
  • Strong analytical and problem-solving skills, with the ability to evaluate complex systems and make data-driven decisions.
