Data Protection Manager

Key Responsibility Areas:

1. Data Leakage Prevention (DLP)
2. Implementation of DLP
3. Efficiency of Data Protection
4. DLP incident management, control optimization, and stakeholder collaboration
5. Develop metrics, analyse data drive improvements.
6. Organizational Imperatives

In this role, the incumbent will develop security strategies to protect the data of the company. The security strategy should be based on the internal and external Cyber threats. He/she should have in-depth knowledge of the data security controls at different layers of Information technology and also, should be familiar with Data Protection laws and the nature of its data processing activities. He / she should drive the implementation of the DLP controls in support of overall security initiatives.

The incumbent will be responsible for:

1) Data Leakage Prevention (DLP):

- Working with business teams to understand the business's current and future needs from Cyber security perspective and identifying data leakage risks.

- Managing data leakage incidents, including breach investigations and reporting.

- Developing / reviewing required data protection related policies, procedures and guidelines in consultation with key stakeholders.

- Sharing policies and processes to all the users appropriately by using mediums such as emailers, e-modules, workshops, quizzes etc. and ensuring adherence.

- Understand business requirements and develops strategy to address data leakage risks appropriately.

2) Implementation of DLP:

- Implementing DLP security controls and technology tools that support the Information Protection strategy, objectives and operational requirements which align to best practices and regulatory requirements.

- Identifying gaps in data protection controls, implementing relevant technologies to address the same.

- Working with relevant stakeholders to drive adoption at a fast pace.

Internal

- Looking at the new advancement in DLP / data classification & Data discover technologies and assess suitability to the organization and take steps to implement them appropriately.

3) Efficiency of Data Protection:

- Ensuring key data leakage risks and issues are identified, addressed and resolved in a timely manner.

- Assessing efficacy of data protection controls, document and report control failures and gaps to stakeholders.

- Collaborating with stakeholders and partners and identify data leakage gaps.

- Taking initiatives to address the identified gaps in a timely manner.

- Providing remediation guidance and preparing management reports to track remediation activities.

4) DLP incident management, control optimization, and stakeholder collaboration

- Ensuring effective DLP incident triaging, assessing efficacy and efficiency of DLP controls, document and report control failures and gaps to stakeholders.

- Providing remediation guidance and preparing management reports to track remediation activities.

- Developing processes for effective triaging of Data Leakage Prevention (DLP) incidents and collaborating with stakeholders and partners

- Ensuring regular assessment of deployed Data Leakage Prevention (DLP) controls and fine tuning of Data Leakage Prevention (DLP) polices.

- Maintaining track of all changes and ensuring evangelization at all levels.

- Creating and maintaining Data Leakage Prevention (DLP) incident tracker and Risk acceptance process.

- Serving as the primary point of contact for data protection-related matters for internal stakeholders, data subjects and for regulatory authorities.

- Working with vendors to support the Data Leakage Prevention (DLP) technology (troubleshooting, upgrades, etc.)

5) Develop metrics, analyse data drive improvements:

- Developing relevant metrics, analyzing data, identifying trends and helping drive improvements to control environment and data protection security awareness program across the organisation.

- Building and sharing data protection related matrices with CISO and CSC members.

- Helping CISO in Data Protection and other cyber security related matters

- Creating a holistic Cyber awareness program on data protection by looking at the type of users.

- Driving security awareness programs across the organization by using mediums such as workshops/drills/ emailers, e-modules, workshops, quizzes etc.

- Executing awareness programs effectively such as Digi TALKS etc. on Cyber security Do-s / Donts to enhance overall Cyber security awareness.

- Assisting with data protection audits

6. Organizational Imperatives:

- Adhering to safety protocols, IMS, compliance, and organizational initiatives such as Kaizen, Business Excellence etc.

Internal

- Team Development: Fostering the growth and development of team members and subordinates. - Formulate plans and track metrics for key business processes under Enterprise Risk Management

Requisite Qualification:

Graduation in any discipline - Well versed with well-known security frameworks such as ISO 27001:2013 / PCI DSS, DLP policies, related processes and security investigation.

Preferred Qualification:

Degree in Engineering (IT / Computer Science) - Relevant industry certification such as ISO 27001 Lead Auditor, CISSP/ CISM / CISA etc. or equivalent is desirable.

Requisite Experience:

8-10 yrs. of cyber security out of which 4-5 years of experience in Data leak prevention (DLP), Data Classification / Cloud Access Security Broker (CASB) tech implementation.

The candidate who is handling Data Protection portfolio will be preferred.

Special Skills required:

A) Technical Skills:

- Good understanding of Data leakage prevention technologies such as DLP, CASB, Data Classification, Information Rights Management (RMS) Email, Network, Cloud etc.

- Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.

- Good understanding of the DLP processes to curtail data leakage.

- DLP policies, related processes and security investigations.

- Work with vendors to support the DLP technology (troubleshooting, upgrades, etc.)

- An ability to translate security requirements and standards into easily understood business concepts and vice versa.

- Developing and implementing DLP strategies and solutions.

B) Soft Skills:

- Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.

- Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.

- Able to thrive in a highly pressurized and changing environment.

- Diplomatic with the ability to interact successfully with all levels of the business.

- Questions status quo and navigates through roadblocks

- Security project management and planning

- Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions

Preferred Skills:

-Self-motivating and able to work under own initiative.

- Professional with a strong work ethics.

- Good stakeholder communication skills

- Strong security mind set

- Using judgment and ingenuity in maintaining objectives and technical standards