Data Privacy - Security Lead 482

About the team:
The Information Security team at Paytm Payments Services limited plays a critical role in shaping the company’s information security strategy, infrastructure, and capabilities. PPSL is planning to add dedicated resources for information security Tool/Technologies including Data Privacy & Compliance.The purpose of the position is to manage and enhance data privacy strategy, manage internal and external cybersecurity audits, and ensure compliance with regulatory standards and industry best practices for PPSL.
Roles and Responsibilities:Data Protection Officer & Compliance lead reports directly into CISO.1.Data Privacy Strategy and Compliance:•Develop, implement, and maintain comprehensive data privacy policies, procedures, and guidelines.•Ensure alignment of data handling practices with Indian data protection regulations (DPDP act 2023).•Conduct privacy impact assessments (PIAs) and implement risk mitigation strategies.•Monitor changes in data privacy laws and regulations to ensure ongoing compliance.•Serve as the primary contact for data privacy inquiries from regulatory authorities, data subjects, and internal stakeholders.
2.Cybersecurity Audits and Compliance Oversight:•Plan, coordinate, and manage both internal and external audits of cybersecurity measures.•Collaborate closely with IT and security teams to facilitate audit processes, provide necessary documentation, and address audit findings.•Implement recommendations from audits to enhance cybersecurity measures and mitigate risks.•Stay abreast of emerging cybersecurity threats and industry standards to strengthen organizational defences.
3.Regulatory Compliance:•Monitor compliance with data protection laws, regulations, and other applicable standards (e.g., ISO 27001, NIST, CERT -In, IT act etc.).•Conduct regular assessments to identify compliance gaps and implement corrective actions.•Work closely with legal and compliance teams to interpret regulatory requirements and ensure adherence.4.Policy Development and Documentation:•Draft, review, and maintain PPSL cyber policies, procedures, and documentation.•Ensure policies are communicated effectively across the organization and updated in response to regulatory changes.5.Training and Awareness:•Develop and deliver data privacy and cybersecurity training programs for employees to promote awareness and compliance.•Provide guidance and support to various departments on data protection and cybersecurity best practices.
Relevant Experience•Proven 8+ years’ experience into Audit, Compliance, Data Privacy Officer, Cybersecurity Compliance Manager, or similar role.•In-depth knowledge of data protection laws (DPDP) and cybersecurity standards (e.g., ISO 27001, NIST).•Minimum of 5+ years in security requirements, cyber security, IT security audits, certifications, etc., in at least 2 IS/IT projects•Certifications: ISO 27001 & CISSP (Certified Information Systems Security Professional) is mandatory and Certification as a Data Protection Officer (CIPP/E, CIPM, CIPT, DSCI Data Privacy certifications) or relevant cybersecurity certifications (e.g., CISSP, CISM) is a plus.
Interpersonal Skills:•Excellent communication and interpersonal skills with the ability to collaborate effectively across departments.•Ability to work independently, prioritize tasks, and handle confidential information with discretion.•Ability to handle high-pressure situations with key stakeholders •Good Analytical skills, Problem-solving and Interpersonal skills •Creation of reports, dashboards, and metrics for information security/compliance operations and presentation to Sr. Mgmt.