Description :

Qualifications :

- BTech/MCA, Bachelors/Masters in computers / IT

Experience :

- 8-12+ years of overall experience including - Data protection and privacy compliance - ISO 27701, GDPR, Information security roles

Proven Experience In :

- Implementing and managing privacy programs

- Conducting Data Protection Impact Assessments (DPIAs)

- Handling Data Principal / Data Subject rights

- Managing privacy incidents and breach response

- Experience in regulated industries such as : BFSI / PAPG / Fintech - Payments, banking, or financial services

Exposure To Regulatory And Audit Environments, Including :

- DPDP Act, IT Act, GDPR, RBI guidelines, ISO 27701 / ISO 27001 audits

- Experience working with cross-functional teams (IT, Security, Legal, Compliance, HR, Product)

Certifications (Desirable) :

- ISO/IEC 27701 Lead Implementer or Lead Auditor

- ISO/IEC 27001 Lead Implementer or Lead Auditor

- CISA/CISM

Job Description :

- Act as the designated Data Protection Officer in accordance with the ISO 27701, DPDP Act, 2023 and other applicable regulations.

- Ensure organisation-wide compliance with applicable data protection laws and regulations.

- Establish, implement, and maintain an effective Privacy Information Management System (PIMS - ISO 27701).

- Advise senior management on data protection obligations, risks, and compliance posture.

- Embed Privacy by Design and Privacy by Default principles across business processes and systems.

- Conduct and review Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

- Maintain and periodically update the Record of Processing Activities (ROPA).

- Oversee lawful collection, use, retention, and deletion of personal data.

- Manage and monitor the handling of Data Principal rights and grievance redressal requests.

- Serve as the primary point of contact for data protection authorities and regulators.

- Support identification, assessment, and response to personal data breaches.

- Coordinate breach notification activities with Legal, Compliance, and Information Security teams.

- Review and approve data protection and privacy clauses in vendor, merchant, and partner agreements.

- Assess and monitor privacy risks arising from third-party engagements and data sharing arrangements.

- Conduct periodic privacy audits and compliance assessments.

- Design and deliver privacy awareness and training programs for employees.

- Monitor adherence to internal privacy policies, standards, and procedures.

- Report data protection risks, incidents, and compliance status to senior management and the Board.

About Company :

SabPaisa (SRS Live Technologies) is an RBI Authorised Payment Aggregator.

Founded in 2016 with headquarters in New Delhi, a corporate office in Kolkata, and regional offices across the country, it is a rapidly advancing fintech company. SabPaisa is dedicated to providing simplified payment solutions, offering customizable options tailored to the clients unique needs.

How Are We Different :

SabPaisas dynamic, PCI-DSS and SSL-certified payment gateway offers secure online checkout with diverse optionsCards, Net-Banking, UPI, Wallets, and offline choices like e-Cash, e-NEFT & Bharat QR, available at nearly 10 Lac Cash Counters nationwide.

Our white-labelled payments and collection suite partners with banks like BOI, BOB, IDFC First, Canara, UBI & Indian Bank, processing over INR 94.9 billion.