Director-data Risk Advisor

Job Summary The Data Risk Advisor DRA is responsible for monitoring compliance with the Digital Personal Data Protection DPDP Act 2023 and other applicable data protection laws The DRA will serve as the primary point of contact for the Data Protection Board of India DPBI and data principals individuals whose data is being processed regarding all data privacy matters This role requires a strategic leader who can implement and oversee an effective data privacy governance framework while balancing compliance with business objectives Key Responsibilities Strategy Support Head CFCR Governance to Proactively develop regulatory relationships with regulators in Country through a structured engagement programme with consistent adherence to regulatory expectations Ensure that Standard Chartered Bank s operations in the country are in line with regulatory expectations and Group requirements to set and implement the vision strategy direction and leadership consistent with the vision and strategy for CFCR and in support of the Group s strategic direction and growth aspirations Promote the culture and practice of compliance with compliance standards including conducting business within regulatory requirements and to high ethical standards within the Bank and embed a Here for good culture and the Group Code of Conduct Business Support relevant stakeholders to make decisions based on current and possible future policies practices and trends In conjunction with the relevant stakeholders analyse the impact of regulatory compliance matters on the bank and its operations Use general knowledge of business products undertaken in the jurisdiction to work with business compliance specialists to respond to regulatory questions and keeps the in-Country regulators updated on developments in the Bank Processes Data Principal rights and grievance redressal Handle requests Act as the nodal officer for addressing grievances and requests from Data Principals Manage rights Ensure the organization has procedures in place to honor data principal rights such as the right to access correct and erase personal data Ensure timely responses Supervise processes for responding to Data Principal requests within the statutory timelines Transparent grievance redressal - Ensure effective and transparent grievance redressal mechanisms are in place and followed Data protection impact assessments DPIA Oversee DPIAs Supervise and advise on Data Protection Impact Assessments for any new processing activities that pose a high risk to data principals Mitigate risk Advise on appropriate risk mitigation strategies for new and existing projects Integrate privacy by design Ensure that data protection principles are integrated into the design and development of new products systems and services Regulatory liaison and reporting Interface with the Board Act as the single point of contact for the Data Protection Board of India Collaborate with authorities Collaborate with the Data Protection Board during any audits investigations or inquiries Report data breaches Oversee the development and implementation of an incident management and breach response protocol Ensure timely notification of breaches to the Data Protection Board and affected Data Principals Data Security Oversee the investigation and remediation of data security incidents Advisory and Training Educate employees Inform and advise the organization and its employees on data protection obligations under the DPDP Act Develop training programs Create and deliver targeted training and awareness programs to foster a company-wide culture of privacy and data protection Privacy by Design Integrate the principles of Privacy by Design into the development of new products services and systems Data Advisory Provide advisory to stakeholders in country and Group on the requirement and the obligations under the DPDP Act Policy Development and Management Policies and Procedures Develop implement and maintain internal data protection policies guidelines and procedures Third Party Contracts Ensure all vendor and third-party contracts include appropriate data protection Risk Management Data protection impact assessments DPIA Oversee DPIAs Supervise and advise on Data Protection Impact Assessments for any new processing activities that pose a high risk to data principals Mitigate risk Advise on appropriate risk mitigation strategies for new and existing projects Integrate privacy by design Ensure that data protection principles are integrated into the design and development of new products systems and services Governance Compliance oversight and governance Monitor compliance Regularly monitor and enforce compliance with the DPDP Act and other applicable data protection laws Establish frameworks Develop implement and maintain a robust data privacy governance framework and internal policies to ensure efficient data utilization Record processing activities Maintain a comprehensive and verifiable record of all data processing activities Audit data practices Work closely with the Compliance Testing and Internal Audit team for review of data privacy and risk assessments to identify and rectify compliance gaps Regulatory Business Conduct Display exemplary conduct and live by the Group s Values and Code of Conduct Take personal responsibility for embedding the highest standards of ethics including regulatory and business conduct across Standard Chartered Bank This includes understanding and ensuring compliance with in letter and spirit all applicable laws regulations guidelines and the Group Code of Conduct Effectively and collaboratively identify escalate mitigate and resolve risk conduct and compliance matters Key stakeholders Internal Region CFCR Group CFCR Business GIA GBS External RBI Auditors Data Protection Board Skills and Experience Data Protection Compliance Legal Cybersecurity Risk Management Qualifications Education A degree in law cybersecurity IT or a related field Professional certifications such as Certified Information Privacy Professional CIPP A or Certified Information Privacy Manager CIPM are highly desirable Experience Proven experience in a data protection compliance legal cybersecurity or risk management role with a strong track record of interpreting and implementing data protection laws Expert knowledge Deep understanding of India s DPDP Act GDPR and other relevant data privacy principles and regulations and the ability to apply DPDP principles to organisational practices Technical expertise Familiarity with data security tools and technologies including encryption anonymization and security controls Communication skills Excellent written and verbal communication skills to effectively advise management train staff and liaise with regulators Problem-solving Strong analytical and problem-solving skills to manage complex privacy issues Integrity Must be free from any conflict of interest that would compromise their ability to oversee the organisation s data protection activities About Standard Chartered We re an international bank nimble enough to act big enough for impact For more than 170 years we ve worked to make a positive difference for our clients communities and each other We question the status quo love a challenge and enjoy finding new opportunities to grow and do better than before If you re looking for a career with purpose and you want to work for a bank making a difference we want to hear from you You can count on us to celebrate your unique talents and we can t wait to see the talents you can bring us Our purpose to drive commerce and prosperity through our unique diversity together with our brand promise to be here for good are achieved by how we each live our valued behaviours When you work with us you ll see how we value difference and advocate inclusion Together we Do the right thing and are assertive challenge one another and live with integrity while putting the client at the heart of what we do Never settle continuously striving to improve and innovate keeping things simple and learning from doing well and not so well Are better together we can be ourselves be inclusive see more good in others and work collectively to build for the long term What we offer In line with our Fair Pay Charter we offer a competitive salary and benefits to support your mental physical financial and social wellbeing Core bank funding for retirement savings medical and life insurance with flexible and voluntary benefits available in some locations Time-off including annual leave parental maternity 20 weeks sabbatical 12 months maximum and volunteering leave 3 days along with minimum global standards for annual and public holiday which is combined to 30 days minimum Flexible working options based around home and office locations with flexible working patterns Proactive wellbeing support through Unmind a market-leading digital wellbeing platform development courses for resilience and other human skills global Employee Assistance Programme sick leave mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth with opportunities to reskill and upskill and access to physical virtual and digital learning Being part of an inclusive and values driven organisation one that embraces and celebrates our unique diversity across our teams business functions and geographies - everyone feels respected and can realise their full potential 43503