SVP - Data Privacy & Protection

Job Description :

Designation: SVP - Data Privacy

Location: Mumbai

Reporting to Head - Risk Policy & Data Privacy

Department Head: CRO

Key Product experience :

- Retail Lending Products

Role Summary :

- To ensure compliance with the Data Privacy and Data Protection guidelines in accordance to the Aadhaar Act 2016, forthcoming DPDP Act as well as other applicable regulatory guidance

- To be SMICC's SPOC for the regulator (UIDAI) post eKYC implementation for coordination and implementation of privacy practices as per their guidelines / circulars from time to time

- To handle required internal risk assessments of the process and controls thereof

- To ensure inter-departmental coordination in resolving customer queries and/or grievances

Job Area Responsibilities :

Compliance to Regulator's Data Privacy Guidelines :

1. To develop, implement, maintain and monitor the comprehensive, organization-wide governance of data protection and security in accordance to the regulatory guidelines

2. To advise the Data Privacy Committee and SMICC's Top Management on the privacy obligations : advise on high-risk processing and requirement of data privacy impact assessments

Assessment of Data Privacy Risks & Management of Incidents:

1. To assess privacy risks of processing identity information / personal data and mitigate the risks

2. To manage / monitor privacy incidents and help address / respond to the same

3. To handle and/or help resolve customer grievances related to their identity information

Training & Awareness:

1. To manage / oversee the process of building awareness and conducting training to staff involved in processing of identity information about legal and organization's reputation consequences of data breach.

2. To conduct / oversee periodic trainings to front-line teams interacting with Aadhaar Number holders to communicate methodology / mandated process of disclosures before taking customer consents

3. To conduct / ensure trainings to associated developers, system admins and other users / intermediaries about the data protection and data privacy obligations as applicable

Periodic and Mandated Audit:

1. To ensure timely conduct of the annual CERT-IN audit and placement of the report with UIDAI

2. To partner and ensure with internal audit team the conduct of quarterly internal audits towards compliance with the Aadhaar Act 2016