Hiring for: One of India's leading financial services company in India offering a wide range of insurance and risk management solutions across health, motor, and commercial segments.
Role: Data Security Manager (SaaS background) - Reports to CTO - General Insurance
Positions: 1
Experience: 20 to 28 years
Location(s): Chennai
Type: On-site / Permanent
Salary: 60LPA Fixed range + Variable
Notice Period: 30 days
IMPORTANT:
A) This role requires significant Data Security experience with SaaS / Enterprise Product companies.
B) DO NOT APPLY if only from IT Services / IT Infra / InfoSec backgrounds.
Purpose
Responsible for managing an organization's data protection practices, ensuring compliance with relevant privacy regulations, identifying potential data security risks, implementing preventative measures, and educating employees on proper data handling procedures, acting as the primary point of contact for data privacy concerns within the company and work closely with IT teams to monitor data access and security controls across systems and applications.
Key Responsibilities
Responsibilities will include but will not be restricted to:
Data Privacy Compliance:
- Develop and maintain comprehensive data privacy policies and procedures aligned with industry regulations like DPDA.
- Conduct regular data privacy impact assessments and audits of data privacy practices in implementing data protection for identified compliance gaps.
- Monitor data processing activities to ensure adherence to privacy principles.
- Respond to data subject access requests and privacy complaints.
Data Risk:
- Identify and assess potential data security risks across the organization
- Implement data protection controls and mitigation strategies to address identified risks
- Conduct data protection impact assessments (DPIAs) for new projects or data processing activities
- Oversee high level RACI metrics PIA data processing to ensure how need based PI data access implemented.
- Maintain a data breach response plan and incident management procedures
Employee Training and Awareness:
- Develop and deliver data privacy training programs for all employees at various levels
- Educate staff on data handling practices, data classification, and security protocols
Third-Party Vendor Management:
- Evaluate the data security practices of third-party vendors processing sensitive data
- Prescribe and assess PI risk management procedure along with compliance for third party
- Ensure data sharing agreements with third-parties comply with data privacy regulations
Stakeholder Communication:
- Act as the primary point of contact for internal and external stakeholders regarding data privacy issues
- Recommend leadership on data privacy implications of new initiatives and business decisions
- Collaborate with legal and compliance teams on data privacy matters
Technical and Qualitative requirements
- Bachelor's degree in Computer Science, Information Systems, or related field plus 10+ years of Governance experience within the industry and inclusive of 2+ years working within a Data Office or data related programs
- Demonstrated aptitude in data governance activities and best practices
- Excellent communication and presentation skills to communicate business and functional requirements to stakeholders
- Strong understanding of data governance frameworks, regulations, and best practices
- Experience in implementing and managing data governance policies and procedures
- Maintains confidentiality and exercises discretion
- Experience with data privacy regulations such as DPDPA, GDPR, CCPA, and HIPAA is a plus
- Certification in CDPSE will be an added advantage.
- Prior experience in privacy operations along with tools (DLP) for privacy management and compliance.
