Data Protection and Information Security Officer

Role and responsibilities

1. Recognize the principles, intent, ways, rationales, approaches, ideas and solutions proposed, deliberated and adopted in creating / enacting data protection regimes
2. Comprehend privacy legislative ideas, intent, articles, sections and expectations set by them and their relevance to the organization
3. Assess and estimate impact
4. Set up:
5. Privacy Program
6. Data inventory/registry
7. Recording data processing activities
8. Governance mechanism
9. Privacy organization
10. Grievance handling
11. Privacy reporting
12. Monitoring and incident reporting
13. Drive organizational response, contribution, commitments to privacy requirements and obligations (e.g. Training, Awareness campaigns, Board and executive Management Commitment, issuing guidelines, Directives, Policies, Procedures, Seeking conformance and reporting, Assessing preparedness)
14. Operationalizing the Privacy Program including governance
15. Operationalizing the privacy Technology and Architecture
16. Assessing emerging Technology, Digitization impacting Privacy
17. Monitoring and Incident Response

Qualifications

• Fulltime LLB mandatory.
• Experience in people management & global stakeholder management

Key asks of the role:

• Expertise in data privacy laws
• Comprehensive understanding of technologies (solid background in IT, data analysis, data management, data security, data protection tools and techniques). Ability to assess and implement new technologies that enhance the organization's data protection strategies and compliance efforts.
• Good leadership and communication skills. Coordination ability (varied internal stakeholders across hierarchy and externals like data principals, data protection supervisory authority etc)
• Should be able to explain complex data protection concepts in clear and simple terms and foster a culture of data protection within the organization.
• Sound understanding of business domain and operations.
• Audit and legal skills. Ability to conduct and oversee data protection audits, assessments and identify and mitigate risks or gaps in the organization's data protection practices.
• Basic knowledge of legal aspects of data protection (e.g. contracts, agreements, disputes) and be able to liaise with legal advisors or representatives when necessary.
• Complex problem-solving – ability to identify, analyze, solve non-routine problems that require high cognitive effort and creativity. Complex problems often involve multiple factors – uncertainties, interdependencies, dynamic changes and they may not have clear or optimal solutions.
• Critical thinking skills essential as they enable assessment of potential risk and vulnerabilities in the organization's data protection strategies and develop effective solutions for mitigating them and ensuring compliance with applicable data protection laws.
• Emotional intelligence – to help the DPO communicate effectively with different stakeholders (e.g. Data subjects, data processors, joint controllers, data protection board, supervisory authorities and to understand their needs, expectations and perspectives); Handle complex and sensitive data protection issues such as data breaches, complaints, disputes or investigations and to make sound and ethical decisions based on the available information, data and criteria; manage stress, emotions and conflicts that may arise in the course of their work and to maintain a positive and professional attitude and demeanor.

Additional Information

• 15-18 years of post qualification experience as per the above description.