Posted By: HR - Talent Acquisition at Pioneer Financial & Management Services Ltd

Last Login: 23 April 2024

Job Views: 480 | Applications: 91 | Recruiter Actions: 32

Posted in: IT & Systems

Job Code: 1001700

Vice President - Data Protection Officer - Investment Bank

13 - 16 Years, Mumbai
Posted 2 years ago

Opening for Vice President - Data Protection Officer - Global Investment Bank

Position Purpose

Manage and govern data protection risk for the India legal entity and ensure regulatory and policy adherence as the 2nd line of defence. Fully inform and implement controls and activities for the India DPO in order to supervise compliance with data protection regulations and Group policies and guidelines, and ensure second level controls. Provide the necessary advice to support the 1st Line of Defence in fulfilling the data protection requirements of the entity. Implement, manage and innovate 2nd line of defence risk management within ISPL.

Direct Responsibilities DPO

1. Communication with external stakeholders, DPO and data subjects

- Act as the key point of contact and cooperate with relevant members of the DPO community on issues relating to personal data processing

- Act as a point of contact for data subjects with regard to significant issues

2. Matters related to organisation and framework related to personal data protection within his / her scope:

A. As directed by the DPO, implement general policies and guidelines on personal data protection and ensure their consistency with the relevant Group policies and guidelines.

B. Contribute to the monitoring of the regulatory landscape on data protection regulations and the relevant communication performed by LEGAL.

C. Contribute to, and establish as necessary, data protection committees at different levels (e.g. ICC, Personal Data Protection and Privacy Committee, etc.)

D. As instructed by DPO, implement the overall personal data protection framework on the following topics:

- Review and advise on implementation of policies and guidelines on Personal Data Protection and monitor consistency in their implementation (Consent collection process, cross border transfers, management of retention or personal data obsolescence, etc.)

- Review and advise on implementation of Privacy by design principles from the design stage and during the life-cycle into all projects, products, services, activities, processes and systems

- Provide advice on Privacy Impact Assessment (PIA) (e.g. whether or not to carry out a PIA, what methodology to follow, what safeguards to apply to mitigate any risks to the rights and interests of individuals) and monitor that PIAs are performed correctly

- Review and advise on implementation of Personal Data Security principles and management of personal data breaches

- Monitor the implementation of Group security strategy in line with Personal Data Protection regulatory requirements

- Contribute to risk evaluation in case a personal data breach occurs to ensure in a timely manner:
  - Appropriate safeguards (technical and organizational) are set up to mitigate any risks to the rights and interests of the data subjects
  - Adequate communication and reporting channels are in place to notify the appropriate stakeholders (e.g. management, Data Protection Authorities, data subjects)

- Oversee the reporting of personal data breaches to the DPA as per DPO

- Contribute to maintenance of the Records of processing activities (Register)

- Review and advise on rules regarding record of processing activities

- Monitor that the record of processing activities (Register) is kept up to date, filed under the responsibility of the controller / processor, in line with defined rules and make it available upon Data Protection Authorities request

- Build and implement an awareness program

- Contribute to the promotion of a data protection culture

- Ensure that training provided to the employees involved in processing activities is sufficient and refreshed on a periodic basis to maintain data protection awareness

E. Under DPO guidance, operate the second level controls and independent testing on personal data protection framework in order to monitor compliance with personal data protection legislation and internal policies and guidelines:

- Define and perform risk-based second level controls on processes related to personal data protection.

- Assess effectiveness of the 1st Line of Defence (business and IT) controls on Personal Data Protection based on Generic Control Plans defined by the Group. This will involve 2LoD controls testing against Local and Group Data Protection requirements for: personal data processed across the organisation; high risk activities, new products and activities which involve personal data; and testing of IT systems in addition to testing of business operations.

- Provide independent reporting and alert on critical points to senior management

F. As the DPO, the following key direct responsibilities are also included:

- Coordinate overall communication with leadership from DPO

- Provide independent reporting and alert on critical points to the APAC DPO and CRO

Contributing Responsibilities

Governance & Oversight

- Contribute to the establishment of ISPL governance within the three lines of defence model in alignment with the Group Risk Management Framework

- Assist with establishing appropriate risk management governance committees, arrange agendas and chair meetings as appropriate

- Assist with establishing and oversight of the Operational Risk Management infrastructure and ensure practices are consistent with regulatory expectations and industry sound practices

Risk management environment

Business Resiliency & Continuity: Oversee and drive the business resiliency and continuity plans to ensure the ability of the Bank and at ISPL to operate on an ongoing basis and limit the losses in the event of severe business disruption. Coordinate with the first and third lines of defence to test these plans to ensure coverage and adequacy.

Technical & Behavioral Competencies

- Professional qualifications relevant to Data Protection (CIPP, CIPM etc.)

- Strong risk mindset with understanding of applicable regulatory requirements in the financial services sector around Information Security Risks (Technology Risk, Business Continuity Risk, etc.)

- Experience in managing Enterprise Risk and necessary Controls

- Experience in conducting Privacy Risk assessment process

- Knowledge of regulatory requirements including Data Privacy Regulations like GDPR, India Data Privacy Law, SEBI and RBI privacy requirements etc. with cross border implications

- Must be able to interface and coordinate work efficiently and effectively with business and technology partners

- Good team player with strong stakeholder management, relationship building, influencing and facilitating skills

- Good listening and analytical skills, including being able to come to a thoughtful and business focused conclusion quickly

- Ability to co-operate and work well with others, adopting an approachable style
