Job Title

Purpose of this Role: We are seeking a seasoned Data Protection Officer (DPO) to spearhead our data privacy, protection, and compliance program across the enterprise. The DPO will lead the design, implementation, and oversight of data protection controls aligned with India’s DPDP Act, 2023, GDPR, and other applicable global privacy regulations. This role is responsible for advising the business, assessing privacy risks, ensuring lawful processing of personal data, and acting as the primary point of contact for data principals, supervisory authorities, and internal stakeholders. The ideal candidate brings deep expertise in privacy law, strong governance and risk management acumen, and a pragmatic, business-enabling mindset—balancing compliance requirements with operational realities.KEY INTERFACES OF THIS ROLE: 1) Governance, Policy & Strategy Establish and maintain the Privacy Governance Framework: policies, standards, data classification schemes, retention schedules, and lawful processing bases. Develop the organizational privacy roadmap, aligned to business objectives and regulatory timelines. Chair or co-chair the Privacy Steering Committee; provide updates to executive leadership and board when required. 2) Regulatory Compliance & Advisory Ensure compliance with DPDP Act, 2023 (India), GDPR, and other relevant jurisdictions (as applicable). Serve as the independent advisor to business units on data processing activities, consent management, and lawful bases. Monitor regulatory developments; interpret changes and translate into actionable controls and training. 3) Data Protection Impact Assessments (DPIA) & Privacy by Design Lead DPIA / PIA / LIA processes for high-risk processing, new products/features, vendor onboardings, and data sharing. Embed privacy by design and default into product development lifecycles (SDLC), procurement, and marketing workflows. Review and approve data flows, purpose limitation, minimization, and retention strategies. Deploy and implement DPDPA tools including Consent Management, Revocation etc 4) Data Subject Rights (DSR) & Incident Response Operationalize processes for data principal requests (access, correction, erasure, grievance redressal), ensuring timely SLAs and auditability. Coordinate privacy incident response: detect, assess, triage, notify, and remediate breaches; manage regulator and stakeholder communications. 5) Vendor, Cross-Border & Contractual Controls Oversee third-party risk and data processing agreements (DPAs): due diligence, SCCs/BCPs, contractual clauses, and audits. Govern cross-border data transfers, ensuring lawful mechanisms and technical safeguards (e.g., encryption, tokenization). 6) Awareness, Training & Culture Design and deliver privacy training, role-based awareness modules, and behavior change initiatives. Promote a privacy-first culture across functions (IT, HR, Marketing, Finance, Operations, Product). 7) Reporting, Metrics & Audit Define and track privacy KPIs/KRIs: DSR SLA performance, DPIA completion, vendor risk posture, incidents, training coverage, and audit findings. Coordinate internal/external audits; maintain evidence for compliance and assurance. 8) Stakeholder Management Act as the primary liaison with supervisory authorities, data principals, and internal stakeholders. Partner closely with Legal, IT Security, Risk, Compliance, Product, and HR to ensure end-to-end alignment.UNIQUE ACCOUNTABILITY: Regulatory compliance readiness for DPDP Act, GDPR (where applicable), and relevant sectoral norms. Accuracy and completeness of privacy documentation (Records of Processing Activities, DPIAs, retention schedules). Timely DSR handling and incident notification within statutory timelines.Core Technical Skills: - Regulatory interpretation & practical application. - DPIA, ROPA, and DSR process design and execution. - Privacy by design integration into SDLC and product roadmaps. - Policy writing & governance with measurable controls. - Stakeholder influence & executive communication. - Metrics, reporting, and audit coordination. - Cross-functional program leadership.Additional Knowledge: - Hands-on with privacy tooling: OneTrust, TrustArc, Collibra, BigID, or equivalent. - Security control alignment: NIST, ISO 27001/27701, CIS Controls. - Data engineering familiarity: ETL/ELT, data lakes/warehouses (Snowflake, BigQuery), event streams (Kafka). - Product & UX exposure: consent UX, preference centers, cookie governance. - For marketing contexts: ePrivacy, consent frameworks (TCF), and clean-room strategies..Experience: - 10–14 years total experience, with 6+ years in privacy/compliance, including program leadership. - Demonstrable experience running DPIAs/PIAs, DSR operations, and privacy incident response. - Experience implementing privacy governance in regulated or data-intensive environments.Qualification Required for this Role:Minimum Qualification :BE (Computers)/MCADesirable Qualification:B.Tech/M.Tech in Computers/IT Years of experience Required for this role:Minimum Exp. :18 Desirable Exp.: 23Note: Please share your Current CTC details while you apply for this job