Data Privacy Compliance Technical Consultant

This role is for one of Weekday's clients

Min Experience: 6+ years
Location: Bangalore, Delhi
JobType: full-time

Requirements

The main responsibilities in the role are:

• Compliance: Ensure compliance with relevant external regulations and internal standards, such as GDPR, ISO 27001, and others.
• Govern and oversee GDPR / AAS / DORA / SCHREMS compliance for Application Security and Third-Party Risk Management
• Monitor ITRM KRIs and deliver remediation plans
• Ensure availability and maintenance of NIST control evidence.
• Develop, implement, and manage comprehensive security compliance programs.
• Policy Development: Create and enforce security policies, procedures, and guidelines to maintain compliance.
• IAM topics: Oversee the IAM NIST Controls, Recertification campaigns and ad hoc KRI mitigation actions.
• Audit and Assessment: Collaborate to conduct regular audits and assessments to identify compliance gaps and ensure adherence to security standards.
• Risk Management: Identify, assess, and mitigate compliance risks to the organisation.
• Deliver Risk analysis on business requests (new apps, new projects, new vendors...)
• Ensure Risk Acceptances are registered, and follow-up actions are tracked to closure.
• Lead Security exception Validation.
• Conduct awareness sessions to LOD1 Infosec team on Risk Management
• RFP Support
• Respond to customer security questionnaires and review security clauses.
• Incident Response: Lead the response to security incidents, ensuring proper documentation and resolution in line with compliance requirements.
• Training and Awareness: Develop and deliver training programs to increase awareness of security compliance across the organisation.
• Design, launch and reporting of phishing campaigns and conduct awareness sessions.
• Monitoring and Reporting: Monitor IT systems for potential risks and vulnerabilities and provide regular reports to senior management.
• Responsible for internal/external audit monitoring and reporting - global CISO ownership.
• Ensure the follow-up of audit recommendations (Inspection, external auditors, regulators, etc.).
• Monitor and coordinate the timely closure of audit recommendations.
• Work closely with IT, legal, and business teams to integrate compliance requirements into business processes.

Technical Skills:

• Knowledge of Microsoft Defender Phishing Module or a similar platform.
• Proficiency in MS Office, particularly MS Excel and PowerPoint.

Behavioural Skills on the job:

• Strong understanding of security awareness, incident management, and crisis management principles.
• Proactive communication, presentation, and stakeholdermanagement skills.
• Proven leadership and projectmanagement abilities.
• Ability to work independently and make effective decisions under pressure.
• Strong organisational, analytical, presentation, and reporting skills.
• Capacity to challenge local stakeholders' arguments and action plans.
• Excellent organizational and crossfunctional coordination skills.
• Strong adaptability, openness to feedback, and willingness to continuously learn.
• Resultsdriven mindset with strong planning and execution discipline.

Qualifications:

• Bachelor's or master's degree preferred.
• Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor, CompTIA Security+, etc.
• At least 7 years of work experience in Cybersecurity operations (Risk management, Data security, Network security, IAM).

Must-have skills

GDPR, cissp

Good-to-have skills

Cyber Security, RFP