JD for Privacy Compliance Manager

- Implementing and maintaining a privacy compliance program aligned with regulatory requirements and organizational policies.
- Conducting periodic privacy assessments and audits to evaluate compliance with internal policies and external regulations.
- Coordinating with internal stakeholders, such as Legal, IT, Security, Hospital Unit Heads and HR departments, to ensure that privacy practices are aligned across the organization.
- Helping to draft privacy notices, consent forms, and data processing agreements.
- Responding to privacy-related inquiries from customers, employees, and regulatory authorities.
- Ensure ongoing compliance with DPDPA, IT Act 2000, CERT-In, NABH, JCI, EHR Standards, and other applicable regulations/statutory requirements.
- Track regulatory changes and advise the organization on their impact.
- Manage internal and external compliance audits and drive responses to audit findings and mitigation.
- Maintain compliance dashboards, trackers, and evidence repositories.
- Support in preparation for Data Protection Board audits and inquiries.
- Assist the DPO in implementing and maintaining the Data Protection Management Program as per the Digital Personal Data Protection Act (DPDPA) 2023.
- Conduct Data Protection Impact Assessments (DPIAs) for new projects, processes, and vendor engagements.
- Support breach incident management: investigation, containment, notification, and documentation.
- Draft, review, and maintain privacy policies, notices, consent frameworks, and data processing agreements.
- Perform vendor due diligence and privacy assessments of third-party vendors and ensure appropriate data processing agreements (DPAs) are in place.
- Handle data subject rights requests (access, erasure, correction, etc.).
- Drive privacy awareness and training programs for employees and relevant stakeholders.
- Plan and execute IT audits, including risk-based audits of IT systems, applications, networks, and medical devices.
- Assess the effectiveness of IT General Controls (ITGC), in line with regulatory and statutory requirements.
- Perform vendor security and compliance audits.
- Identify control gaps and work with IT, Information Security, and business teams for remediation.
- Track and close audit observations with proper evidence and timelines.
- Support the creation and maintenance of architecture diagrams, data flow maps, and risk registers.
- Participate in DLP (Data Loss Prevention), incident response, and business continuity and DR initiatives.
- Prepare periodic reports for Senior Management and the Board on compliance posture and data protection risks.
- Collaborate with Legal, IT, Clinical, and Operations teams to embed compliance and privacy in day-to-day operations.

Required Qualifications & Experience
- Bachelor’s degree in Law, Computer Science, Information Systems, or a related field.
- Professional certifications; any of the following will be a strong advantage:
  - Certified Information Security Manager (CISM)
  - Privacy certifications (IAPP CIPP, CIPM, etc.)
  - ISO 27001 Lead Auditor / Implementer
  - Certified Information Systems Security Professional (CISSP; added advantage)
- 12–18 years of relevant experience in Data Privacy, Compliance, and IT Audit.
- Hands-on experience in DPDPA implementation or GDPR compliance is highly desirable.

Key Skills & Competencies
- Strong knowledge of DPDPA 2023, the IT Act, and healthcare data protection standards.
- Excellent understanding of IT systems, networks, data centre, cloud environments, and security controls.
- Ability to translate complex regulatory requirements into practical business solutions.
- Strong analytical, documentation, and report-writing skills.
- High integrity, attention to detail, and a methodical approach.
- Good interpersonal skills to influence stakeholders across levels.
- Ability to handle multiple priorities in a fast-paced environment.
Pay: From ₹477,931.91 per year
Benefits:
- Health insurance
- Provident Fund
Experience:
- Data Privacy, Compliance, and IT Audit: 10 years (Preferred)
- DPDPA implementation: 10 years (Preferred)
- GDPR compliance: 10 years (Preferred)
- ITGC: 10 years (Preferred)
Work Location: In person