Location: Gurgaon HO
Band: 4A / 4B
Reporting To: Richa Alagh
Team Size: Individual Contributor
Job Summary
The Data Privacy Steward is responsible for developing, implementing, and overseeing comprehensive data privacy initiatives to safeguard sensitive information and foster a culture of privacy across the organization.
This role requires close collaboration with cross-functional stakeholders, including Data Privacy, Operations, Underwriting, Claims, Digital, Legal, Compliance, Information Security, and other data-processing owners, to ensure effective implementation of privacy programs.
The position also acts as an independent second line of assurance for privacy controls, ensuring protection of organizational data assets and adherence to applicable data privacy laws and regulatory guidelines.
Key Responsibilities
1. Data Classification & Risk Assessment
- Identify, classify, and categorize sensitive and personal data across the organization.
- Conduct regular monitoring of data handling practices to ensure compliance.
- Support enterprise initiatives such as data anonymization, masking, and other privacy-enhancing techniques.
2. Compliance Monitoring
- Support adherence to applicable data privacy laws, regulations, and internal policies.
- Plan, prepare, and coordinate periodic data privacy reviews with stakeholders.
- Track, govern, and ensure timely closure of remediation actions arising from assessments.
- Conduct annual reviews of Data Flow Diagrams (DFDs) and Records of Processing Activities (RoPA).
- Create DFDs and RoPA documentation for new processes.
- Assist in conducting Data Protection Impact Assessments (DPIAs) for new and existing processing activities.
- Manage annual compliance activities and privacy-related compliance management system (COMS) tasks.
3. Data Subject Rights Management
- Monitor and support handling of data principal requests including access, correction, deletion, and nomination.
- Ensure timely and compliant resolution of all such requests.
4. Vendor & Third-Party Risk Management
- Conduct third-party risk assessments to ensure vendor compliance with privacy standards.
- Review and evaluate third-party privacy practices to safeguard externally shared data.
- Ensure alignment with organizational standards and regulatory expectations.
5. Training & Awareness
- Design and deliver privacy training programs for employees at all levels.
- Enhance awareness and understanding of data protection responsibilities.
- Train individuals involved in data processing to foster a strong privacy culture.
6. Data Breach Response
- Identify, assess, and report incidents that qualify as data breaches.
- Support incident response processes in line with applicable regulatory requirements.
Measures of Success
- High level of accuracy, visibility, and traceability of data flows across the organization.
- Strong adoption of privacy risk culture across functions.
- Effective and timely closure of identified gaps and remediation actions.
Key Relationships
- Enterprise Risk Management (ERM)
- Internal Control Functions
- Third-Party Vendors and Partners
- Cross-functional Business Teams
Desired Qualifications & Experience
- Strong understanding of data privacy laws, regulations, and frameworks.
- 4–5+ years of experience in Data Privacy and/or Operations.
- Detailed knowledge of operational processes within the Life Insurance industry.
- Experience with privacy tools and data protection practices is an added advantage.
- Proven experience in a data privacy or compliance role within a complex organizational environment.
Skills & Competencies
- Strong leadership and interpersonal communication skills.
- Ability to balance business objectives with privacy and regulatory requirements.
- Excellent collaboration skills across diverse teams and functions.
- High attention to detail with the ability to handle sensitive information with discretion.