NACL is hiring for its Chennai location and is seeking candidates who can join immediately. Only immediate joiners will be considered.
KEY RESPONSIBILITIES
- Review and update data privacy policy and procedures in alignment with ISO 27701, DPDPA, SPDI Rules and all applicable regulatory requirements.
- Lead and approve Privacy Impact Assessments (PIA) / Data Protection Impact Assessments (DPIA) for new projects/ systems, and critical third-party engagements.
- Review personal data classification levels, ensure consistent implementation across business functions, and maintain the privacy risk register with timely updates and tracking.
- Oversee compliance with data subject rights management, including access, correction, erasure, portability, etc., for SLA adherence and regulatory compliance.
- Oversee consent management processes, including collection, recording, tracking, and withdrawal of consent for personal data processing; ensure alignment with Records of Processing Activities (RoPA), privacy policy, and applicable regulations.
- Perform privacy risk assessments of third-party vendors during onboarding, periodic evaluation, and continuous monitoring.
- Manage and track all privacy-related regulatory requirements, including DPDPA obligations, sectoral guidelines, cross-border data transfer rules, and internal audit observations.
- Govern data classification, retention, minimization, and risk registers, ensuring consistent implementation across all business units.
- Establish and manage key privacy risk and compliance metrics (KRIs, KPIs) and report them to senior management/committees.
- Lead enterprise-wide privacy awareness initiatives, including campaigns, simulations, and mandatory training.
- Review IT and security systems/ product evaluations from a privacy compliance standpoint, guiding teams on data protection requirements during procurement and implementation.
- Formulate strategies and initiatives to foster engagement with key internal and external stakeholders.
- Oversee and lead the annual review cycle for all privacy and related policy documents, ensuring version control, regulatory alignment, and organizational adoption.
- Collaborate with the Information Security team to maintain comprehensive records of all data assets and exports, while managing a data security incident response plan to ensure timely remediation. This includes conducting impact assessments, responding to security breaches, handling complaints and claims, managing notifications, and addressing data subject requests.
- Monitor privacy-related alerts, incidents and breaches and ensure resolution in coordination with the respective teams.
- Collaborate with IT, Information Security, and business teams to manage privacy risks across processes, systems, and third-party integrations.
- Support the compliance department in regulatory reporting, incident notifications/ updates and compliance documentation, as required.
- Participate in preparing privacy compliance dashboards, regulatory updates, and management committee decks for periodic management review meetings with senior management/ committee.
SKILLS AND QUALIFICATIONS
- 6+ years of hands-on experience in implementation of data privacy and protection frameworks, including audits and compliance monitoring.
- Strong understanding of applicable privacy and data protection standards and regulatory requirements (DPDPA, SPDI Rules, ISO 27701, etc.).
- ISO 27701 PIMS LI Certified (Preferred).
- Professional certifications such as CIPP, CDPO or CIPM are beneficial.
- Ability to understand and align with NBFC business processes.
- Ability to work collaboratively across departments and manage multiple projects simultaneously.
- Ability to handle confidential and sensitive information with the appropriate discretion.
- Conceptual knowledge of IT infrastructure and security technologies (e.g., servers, development platforms, firewalls, NAC, routers).
- Excellent verbal communication skills and a proactive approach.
SPECIFICATIONS: QUALIFICATIONS, EXPERIENCE, & COMPETENCIES
Minimum Qualification: Graduate/ Post-Graduate
Minimum Experience: 6-8 years in data privacy and protection.
Competencies:
- Result-oriented and persistent.
- Analytical and detail-oriented.
- Strong communication and stakeholder management skills.