Lead-Information Security & Data Protection

Riskcovry
1 hour ago
Full-time
On-site
Bengaluru, Karnataka, India
Manager

Regulatory Compliance & Governance

  • Act as the designated DPO under India's DPDP Act 2023 and other applicable privacy laws.

  • Maintain a data processing inventory with a documented lawful basis for every processing activity under the DPDP Act 2023.

  • Support the development and maintenance of privacy policies, data retention schedules, and consent management frameworks.

  • Monitor the integration of Privacy by Design and Privacy by Default principles into the SDLC and data engineering practices.

  • Review DPAs, data sharing agreements, and privacy clauses in vendor contracts.

Data Subject Rights & Incident Management

  • Manage data subject requests (access, correction, erasure, portability, and grievance redressal) within regulatory timelines.

  • Lead the data breach response: detection, containment, regulatory notification, and post-incident review.

Cyber Security Strategy & Governance

  • Establish cybersecurity policies, standards, and guidelines based on industry best practices and regulatory frameworks (ISO 27001).

  • Collaborate with HR and the compliance team to build a cybersecurity-aware culture through regular training and education programmes.

  • Lead risk assessments to identify potential security threats and vulnerabilities, and propose effective mitigation measures.

  • Develop and maintain an incident response programme, managing cybersecurity incidents and data breaches from detection to remediation.

Requirements

  • 3+ years of experience in information security, data privacy, or a combined role, preferably in fintech, insurtech, BFSI, or a regulated industry.

  • Knowledge of India's DPDP Act 2023 and hands-on experience implementing data protection programmes.

  • Strong working knowledge of ISO 27001.

  • Proven experience managing security incidents, data breaches, and regulatory notifications.

  • Excellent communication skills: able to translate complex security and legal concepts for non-technical stakeholders.

  • Technical degree (B.Tech/M.Tech in CS/IT or MBA in Information Security, or a related field).