Deputy Vice President - Program Management (IT Controllership, Governance & DPDPA)

About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto Make Life Simple inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What's in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded! We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to overall development of an employee through comprehensive learning & development framework

Role Purpose

The role is responsible for establishing, governing, and assuring the organization's cybersecurity controls, AI governance framework, and DPDPA compliance posture. The purpose of the role is to protect enterprise assets, ensure lawful and ethical use of data and AI, and maintain regulatory-ready security and privacy governance across all business units and digital platforms. The role ensures that technology, data, and AI-driven operations remain secure, compliant, trustworthy, and audit-ready, enabling the business to grow without regulatory or cyber risk.

Role Accountability

1. DPDP Act Risk & Governance
   • Interpret and implement requirements of the Digital Personal Data Protection (DPDP) Act across infrastructure and applications.
   • Enforcedata privacy policies, standards, and procedures aligned with regulatory expectations.
   • Establish governance frameworks for data collection, processing, storage, sharing, and deletion.
   • Ensure consent management mechanisms are embedded into applications and customer journeys.
2. Policy Development & Implementation
   • Ensure data residencyencryption, anonymization, and pseudonymization controls for sensitive data.
   • Embed'privacy by design principles into new projects, systems, and processes.
   • Validate secure configurations for APIs, databases, and applications handling personal data.
   • Overseedata retention and deletion policies, key management controls ensuring compliance with DPDP timelines.
3. Data Lifecycle & Risk Management
   • Facilitate and assist PrivacyImpact Assessments (PIAs)for new applications, infrastructure changes, and digital initiatives.
   • Overseedata lifecycle managementacross infra and apps, ensuring lawful and secure handling of personal data.
   • Oversee requests for access, correction, deletion, or portability of personal data.
   • Define and monitor Key Risk Indicators (KRIs) for privacy and data protection.
4. Audit & Monitoring
   • Establish continuous monitoring of privacy controls across infra and apps.
   • Maintain artefacts and evidence for regulatory submissions and compliance reporting.
   • Coordinate internal audits, external assessments, and regulatory inspections related to data privacy.
   • Track compliance metrics and report findings to senior management.
5. Project & Stakeholder Governance
   • Act as technical SPOC for business, risk, legal, security, and compliance teams
   • Present DPDPA project status, risks, and metrics to senior leadership and steering committees
   • Ensure Model governance and risk assessment reports and Executive dashboards on AI performance, risk, and value realization
   • Drive risk registers, issue tracking, and decision logs
   • Support regulatory, internal audit, and client assessments
6. Team Leadership & Capability Building
   • Mentor AI engineers, data scientists, and platform teams
   • Define coding standards, architecture patterns, and best practices
   • Build AI capability roadmaps and upskill teams on emerging technologies
   • Promote responsible AI culture across delivery teams

Measures of Success

1. Control Effectiveness & Maturity: Improvement in control maturity scores (ISO/NIST/PCI/SOX/IFC) year-over-year, Reduction in control deviations and policy exceptions by ≥ 20% annually, Measurable uplift in ITGC, access control, cloud security, and application security controls.
2. Governance and Policy Effectiveness: Completionrate of AI risk assessments, Low Audit Observations related to AI reduced YoY.
3. Regulatory and Compliance Readiness: Timely adoption of DPDPA rules, notifications and amendments.
4. Security and Data Protection: Effective consent management mechanisms implemented enterprise-wide, Implementation of privacy notices.
5. Risk Reduction: Decrease in high/critical vulnerabilities and misconfigurations across infra, cloud, and apps, Third-Party & Ecosystem data Governance, Integration with Digital, Cloud & AI Initiatives, Awareness Training & Cultural Adoption.

Technical Skills / Experience / Certifications

1. Deep understanding of ISO 27001, NIST CSF, NIST 800-53, COBIT, PCI DSS, SOC2, SOX/IFC, and cloud security standards.
2. Strong experience in application security, infrastructure audits, network security, endpoint security, and identity governance.
3. Experience preparing for regulatory inspections, statutory audits, and cyber posture reviews.
4. Experience performing AI Risk Assessments, Explainability reviews, and AI DPIAs.
5. Experience aligning AI systems to organizational security and privacy controls.
6. Exposure to model governance tools: IBM AI Governance, MLflow, Domino, Amazon SageMaker Governance, Azure AI governance tools
7. Understanding of monitoring: Data drift, Bias metrics, Model performance KPIs.
8. Capability to lead DPDPA implementation enterprise-wide and Privacy by Design in SDLC and AI lifecycle.
9. Experience with enterprise risk frameworks, KRIs/KPIs, risk heatmaps, and reporting to governance committees.

Competencies critical to the role

1. Regulatory, Legal & Ethical judgement
2. Executive Decision-Making & Accountability
3. Cross-Functional Influence & Colloration
4. Communication & Board-Level Articulation
5. Program & Operating Model Execution
6. Incident Crisis Management
7. Cross-Domain Technical Experience
8. Data Privacy & DPDPA Skills

Qualification

1. Bachelor's Degree in one of the following:Computer Science / Information Technology
2. Engineering (IT, Electronics, AI, Data Science)
3. Certifications: CIPP, CIPM, CDPSE, ISO27001, CIPT
4. Master's Degree (Preferred): MBA in Technology / Risk / Strategy / Information Systems
5. MS / M Tech in AI, Data Science, Computer Science, or Cyber Security

Preferred Industry

IT, BFSI, Financial Institutions, Computer Science, Electronics