Job Description

:
This role is for one of the Weekday's clients
Min Experience: 12 years
Location: mumbai, Bengaluru
JobType: full-time
We are seeking a highly experienced and knowledgeable Director - Data Privacy and Law to lead our organization's global privacy and compliance strategy. This senior leadership role is pivotal in shaping, implementing, and overseeing the company's data privacy policies and ensuring full compliance with international and local regulations including GDPR, PIPL, and applicable data protection acts. The ideal candidate will have a deep understanding of privacy frameworks, regulatory expectations, and a passion for building trustworthy data governance practices.
Requirements:
Key Responsibilities:

• Strategic Privacy Leadership:

• Lead the design, development, and implementation of the company's global data privacy and compliance strategy.
• Advise executive leadership on evolving data privacy laws and potential impacts to business operations across jurisdictions.
• Policy Development & Governance:

• Draft, review, and maintain internal privacy policies and procedures ensuring alignment with global standards such as GDPR, PIPL, and other data protection acts.
• Develop comprehensive privacy notices and manage updates based on regulatory changes or business expansion.
• Compliance & Risk Management:

• Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new and existing projects.
• Lead privacy audits and gap assessments in accordance with NIST, ISO/IEC 27701, and other relevant frameworks.
• Develop controls to mitigate privacy risks and monitor their effectiveness regularly.
• Regulatory Engagement & Training:

• Liaise with Data Protection Authorities and other regulators on matters related to privacy incidents, compliance inquiries, and reporting obligations.
• Oversee privacy training and awareness programs across all levels of the organization to foster a culture of compliance.
• Incident Response & Data Breach Management:

• Lead the organization's response to data breaches or security incidents involving personal data, ensuring timely containment, assessment, and notification as required by law.
• Maintain and test data breach protocols and readiness on a regular basis.

• 12-20 years of experience in legal, compliance, or privacy roles with strong exposure to data privacy and protection laws.
• In-depth knowledge of global privacy laws and regulations including GDPR (EU), PIPL (China), CCPA, and other regional data protection acts.
• Demonstrated experience in leading privacy assessments, drafting privacy policies, and managing privacy programs.
• Strong understanding of industry-standard privacy frameworks such as NIST Privacy Framework, ISO/IEC 27001/27701.
• Certification from the International Association of Privacy Professionals (IAPP) such as CIPP/E, CIPP/US, or CIPM is highly preferred.
• Proven ability to partner with cross-functional teams including Legal, IT, Security, HR, and Product.
• Excellent communication, stakeholder management, and leadership skills.
• Bachelor's degree in Law, Compliance, Cybersecurity, or related fields. Advanced degree (JD/LLM) is a plus.