Role Overview
We are seeking a Director / Senior Manager – Data Privacy & Governance to support and drive the organization's global privacy operations and data governance framework.
This is a hands-on execution role, responsible for implementing privacy processes, ensuring regulatory compliance, and embedding data governance practices across business functions. The role will work closely with Legal, Technology, and Business teams to operationalize privacy requirements across jurisdictions.
Key Responsibilities
1. Privacy Operations Management
- Manage and execute core privacy processes:
- Data Subject Rights (DSAR) requests
- Data Protection Impact Assessments (DPIA)
- Records of Processing Activities (RoPA)
- Ensure timely and compliant closure of all privacy workflows
- Maintain documentation and audit trails
2. Regulatory Compliance
- Support compliance with:
- GDPR
- Digital Personal Data Protection Act, 2023
- HIPAA (as applicable)
- Assist in implementation of policies, procedures, and controls
- Monitor regulatory updates and support internal alignment
3. Data Governance Implementation
- Support rollout of frameworks for:
- Data classification
- Data retention and deletion
- Data minimization
- Assist in maintaining enterprise data inventory and mapping
- Coordinate with technology teams for implementation
4. Healthcare Data Privacy Support
- Support compliant handling of:
- Patient data / PHI
- Clinical and research datasets
- Assist in anonymization and pseudonymization initiatives
- Ensure adherence to healthcare-specific requirements
5. Third-Party Privacy Management
- Review and support execution of:
- Data Processing Agreements (DPAs)
- Conduct privacy assessments for vendors and partners
- Track third-party compliance obligations
6. Incident & Breach Support
- Support investigation and response to personal data breaches
- Assist in regulatory notification and documentation
- Coordinate with Information Security teams
7. Stakeholder Coordination
- Work with:
- Legal
- Product / Engineering
- Business teams
- Provide practical guidance on privacy requirements
- Support privacy-by-design implementation
8. Training & Awareness
- Support development and delivery of privacy training programs
- Promote awareness of responsible data handling practices
9. Emerging Areas & Responsible Data Use
- Support initiatives related to responsible data use
- Assist in review of high-risk data processing activities
- Contribute to evolving governance practices
Role Boundaries
In Scope
- Privacy operations (DSAR, DPIA, RoPA)
- Regulatory compliance execution
- Data governance implementation
Out of Scope
- Information Security / Cybersecurity operations
- IT systems or infrastructure ownership
- AI model development
Candidate Profile
Experience
- 9–12 years of experience in:
- Data privacy / data protection
- Compliance / risk / legal operations
- Hands-on experience in privacy operations is mandatory
Core Expertise
- Working knowledge of:
- GDPR
- Digital Personal Data Protection Act, 2023
- Exposure to:
- HIPAA (preferred)
- Practical experience with:
- DPIA, DSAR, RoPA
- Data lifecycle management
Preferred Background
- IT services / consulting / BFSI / healthcare
- Experience in multinational or regulated environments
Certifications (Preferred)
- CIPP/E or CIPP/US
- CIPM
- DPO certification (good to have)
Key Skills
- Strong execution and attention to detail
- Ability to translate policies into processes
- Stakeholder coordination across functions
- Problem-solving and pragmatic approach
Success Metrics
Here is a simplified, clean, and non-duplicative version of Success Metrics — easy to track and use for performance:
- DSARs and DPIAs completed within defined timelines
- RoPA maintained with high accuracy and coverage
- Data classification and retention frameworks implemented
- Audit readiness maintained with no major findings
- Privacy incidents reduced and managed effectively
- Breach responses and notifications completed on time
- Privacy-by-design applied to all new projects
- Strong adoption of privacy practices across teams
- Organization-wide privacy training completed
- Key vendors covered under DPAs and privacy assessments
Career Path
This role provides a pathway to:
- Head – Privacy & Data Governance
- Data Protection Officer (DPO)
- Regional Privacy Lead
Summary
This role is designed for a strong privacy operator who can:
- Execute privacy processes at scale
- Support global regulatory compliance
- Drive implementation of data governance frameworks
- Work cross-functionally to embed privacy into business operations
