Crisil

Manager – Corporate Compliance (Data Privacy)

  • Posted a day ago

Job Description

Role: Manager – Corporate Compliance (Data Privacy)

Location: Mumbai

 

Role Overview

We are seeking an experienced and driven manager to strengthen our enterprise-wide privacy program. The successful candidate will serve as a subject-matter expert and trusted advisor, helping the organization operationalize its data protection obligations, manage privacy risk, and embed a culture of privacy-by-design across all business functions. This is a high-visibility role with direct impact on regulatory standing, customer trust, and strategic risk management.

 

Key Responsibilities:

Privacy Program Management

  • Design, implement, and continuously improve the enterprise data privacy programme in alignment with applicable regulations (GDPR, CCPA, PDPA, and other relevant frameworks).
  • Maintain and evolve the organization's privacy governance framework, including policies, standards, procedures, and guidelines.
  • Conduct the Records of Processing Activities (RoPA) and ensure regular review and accuracy of all data processing inventories.

Regulatory Compliance & Advisory

  • Monitor and interpret global data privacy laws and regulations; provide timely guidance to legal, technology, and business stakeholders on compliance obligations.
  • Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new projects, products, and third-party engagements.
  • Manage the data subject rights request (DSAR) process, ensuring timely and compliant responses across jurisdictions.

Privacy Technology & Tools

  • Administer and optimize privacy management platforms, with hands-on experience in OneTrust or equivalent privacy tools.
  • Leverage tooling to automate consent management, data mapping, incident workflows, and vendor assessment processes.
  • Partner with IT and cybersecurity teams to implement technical and organisational measures supporting privacy compliance.

Data Incident & Breach Management

  • Assist in the data breach response process: triage, contain, and notify regulators and affected individuals in accordance with statutory timelines.
  • Maintain the data incident register and produce post-incident reports with remediation actions.

Third-Party & Vendor Privacy

  • Conduct due diligence on vendors and partners who process personal data; negotiate and review Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs).
  • Manage the privacy risk assessment lifecycle for third-party relationships end-to-end.

Training & Culture

  • Develop and deliver targeted privacy training and awareness campaigns across business units.
  • Champion privacy-by-design principles in product development and business change initiatives.

Reporting & Stakeholder Engagement

  • Prepare regular reports and dashboards on privacy program metrics for senior leadership, the DPO, and board-level committees.
  • Engage with regulators, external counsel, and industry bodies as required.

 

Qualifications & Experience:

Essential

  • 6–9 years of progressive, hands-on experience in data privacy, data protection, or information governance roles.
  • Demonstrable experience managing end-to-end privacy programmes within complex, multi-jurisdictional organizations.
  • Strong knowledge of GDPR, UK GDPR, CCPA/CPRA and other major privacy frameworks; familiarity with sector-specific regulations (e.g. HIPAA, PSD2) is a plus.
  • Proven expertise with OneTrust or comparable privacy management platforms.
  • Experience conducting DPIAs, PIAs, RoPA maintenance, and DSAR management.
  • Track record of advising C-suite, legal, and technology stakeholders on privacy risk.
  • Excellent written and verbal communication skills; ability to translate complex regulatory requirements into actionable business guidance.
  • One or more recognised privacy certifications: CIPP/E, CIPP/US, CIPM, CIPT (IAPP) or equivalent.

 

Desirable

  • LLB or equivalent law degree, providing a strong foundation in legal interpretation and regulatory engagement.
  • Experience with Binding Corporate Rules (BCRs), cross-border data transfer mechanisms, or international privacy programmes.
  • Exposure to privacy engineering, data minimisation architecture, or AI/ML governance.
  • Experience in a regulated industry (financial services, healthcare, or technology).

Job ID: 146986173