About Us
SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and letting them indulge in rewarding benefits. At SBI Card, the motto "Make Life Simple" inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.
SBI Card is proud to be an equal opportunity & inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.
Join us to shape the future of digital payment in India and unlock your full potential.
What's in it for YOU
- SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support the mental and physical health of our employees
- Admirable work deserves to be rewarded! We have a well-curated bouquet of rewards and recognition programs for the employees
- Dynamic, Inclusive and Diverse team culture
- Gender Neutral Policy
- Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
- Commitment to overall development of an employee through comprehensive learning & development framework
Role Purpose
- To lead and govern the implementation of RBI's Digital Personal Data Protection (DPDP) Act mandates across SBI Card's core processing platforms - VisionPLUS, UPI Switch, and ACS.
- This role ensures that explicit customer consent, data minimization, and secure data handling practices (as required by the DPDP Act) are embedded into these systems. By doing so, the DPDP Project Manager safeguards sensitive customer data on these platforms, mitigates regulatory risk (preventing non-compliance penalties), oversees vendor compliance for our SaaS-based VisionPLUS platform, and reinforces SBI Card's reputation as a privacy-conscious financial institution.
- Ultimately, the role's purpose is to strengthen data privacy and regulatory compliance in core operations while enabling business continuity and efficiency through privacy-by-design.
Role Accountability
This role is accountable for the overall DPDP compliance posture of SBI Card's core platforms and the outcomes of related initiatives. Key accountabilities include:
1. DPDP Compliance Implementation:
- Interpret and apply RBI's DPDP Act requirements across core systems. Enforce necessary controls on VisionPLUS, UPI Switch, and ACS - including implementing explicit consent capture mechanisms, data minimization rules, proper data retention schedules, and encryption of sensitive data at rest and in transit.
- Work with IT development teams to embed these controls into system enhancements and new projects from the design phase onward, ensuring privacy-by-design for all platform changes.
2. Governance & Monitoring:
- Establish and maintain DPDP compliance policies, standards, and audit routines for the core platforms. Continuously monitor platform-level compliance through regular audits, system checks, and data privacy assessments.
- Provide regular compliance reports to senior management on DPDP status, highlighting compliance levels, incidents, and remediation actions.
- Promptly investigate and close any compliance gaps or data protection weaknesses identified, to ensure full adherence to RBI directives at all times.
3. Cross-Functional Coordination:
- Collaborate closely with multiple stakeholder teams to enforce data protection standards. Work with IT Development teams to integrate DPDP requirements into system upgrades and new feature designs; partner with Information Security (InfoSec) to align on security controls and incident response; coordinate with Legal & Compliance departments to interpret regulatory guidelines and ensure our controls meet legal requirements; and engage with Operations teams to adjust workflows for compliance (e.g. data deletion, consent management processes).
- Develop and deliver training sessions and DPDP awareness programs for core platform teams, ensuring all relevant employees and vendors understand proper data handling and privacy practices.
4. Stakeholder Liaison:
- Act as the single point of contact for all DPDP compliance matters related to VisionPLUS, UPI Switch, and ACS. Provide timely updates to senior leadership on compliance status, significant risks, and project progress in implementing DPDP controls.
- Prepare materials and responses for any regulatory inquiries or audits on data protection, ensuring that regulators' questions are addressed accurately and promptly.
- Liaise with the VisionPLUS platform vendor (Fiserv) and other third-party providers to communicate our data protection requirements and obtain their adherence, thus overseeing vendor alignment with DPDP obligations and addressing any vendor-related compliance issues.
5. Project Management:
- Holds regular status meetings with the project team.
- Keeps the project team well informed of changes within the organization
- The candidate would need to display inclusiveness to lead as well as take the team along through the life of the Program
- Effectively communicates relevant project information to superiors
- Resolves and/or escalates issues in a timely fashion
Measures of Success
- Regulatory Compliance Rate: 100% compliance with all DPDP Act requirements on VisionPLUS, UPI Switch, and ACS. Zero penalties or regulatory citations related to data privacy. All RBI audits or inspections conclude with satisfactory compliance ratings.
- Closure of Compliance Gaps: All identified DPDP compliance gaps or audit findings are addressed within agreed timelines.
- Compliance Reporting & Monitoring: Timely submission of regular compliance reports (e.g., monthly/quarterly) to management, with clear metrics on consent capture rates, data retention compliance, etc. A high quality of reporting (accurate and actionable data) and positive feedback from senior management on visibility into DPDP status.
- Vendor DPDP Alignment: Demonstrated vendor compliance with DPDP obligations - e.g., quarterly compliance certificates or audit reports from the VisionPLUS vendor confirming adherence to data protection controls.
Technical Skills / Experience / Certifications
- Data Privacy & DPDP Act Expertise: Certifications or training in data privacy (for example, ISO 27701, CIPP, or relevant RBI-mandated certifications) would be beneficial.
- Subject matter expert in the credit card domain
- VisionPLUS Platform Expertise
- UPI Switch & ACS Knowledge
- Security Controls & Encryption
- Audit & Compliance Monitoring
- Vendor Management & SaaS Governance
- Cross-Functional Project Management
- Strong analytical skills
Competencies critical to the role
Stakeholder management, vendor management and pricing review
Qualification
B.E. / B.Tech / MCA
Preferred Industry
Credit Cards/NBFC