255 Cry jobs in India

Data Protection and Privacy Compliance:

Ensure compliance with applicable data protection laws and regulations (e.g., GDPR, CCPA, NDPR).

Develop, implement, and maintain data protection policies, procedures, and guidelines.

Conduct regular reviews of privacy policies, consent mechanisms, and data subject rights processes.

Act as the primary point of contact for data protection authorities and external stakeholders.

2. Internal Audit:

Collaborate with internal audit teams to evaluate data protection and privacy risks.

Perform audits on data processing activities, ensuring adherence to internal and external requirements.

Provide recommendations to enhance data protection controls and mitigate identified risks.

Document audit findings and follow up on corrective actions.

3. Training and Awareness:

Develop and deliver data protection training programs for employees at all levels.

Raise awareness about data privacy and the importance of compliance across the organization.

4. Incident Management:

Monitor and respond to data breaches, ensuring timely reporting to authorities as required.

Lead investigations into potential data protection incidents and prepare detailed reports.

5. Risk Assessment and Monitoring:

Conduct regular data protection impact assessments (DPIAs).

Monitor and review data processing activities to identify and mitigate risks.

Stay updated on developments in data protection laws, regulations, and best practices.

6. Vendor Management:

Assess third-party vendors for compliance with data protection requirements.

Establish data processing agreements (DPAs) with vendors handling personal data.

7. Reporting:

Prepare reports on data protection activities, risks, and compliance status for senior management.

Provide input for the annual compliance and audit plans.

Key Skills and Qualifications:

1. Education and Experience:

Bachelors degree in IT, or a related field (Masters preferred).

Professional certifications such as CIPP/E, CIPM, CIPT, or CDPO are highly desirable.

Minimum of 5 years of experience in data protection, compliance, or internal audit.

2. Technical Skills:

Strong knowledge of global data protection laws and frameworks (e.g., GDPR, CCPA, NDPR).

Familiarity with IT systems, data protection technologies, and cybersecurity principles.

Experience in conducting DPIAs and managing data breaches.

3. Soft Skills:

Excellent communication and presentation skills.

Strong analytical and problem-solving abilities.

Ability to work independently and with cross-functional teams.

Attention to detail and a proactive approach to compliance challenges.

Key Performance Indicators (KPIs):

Compliance with data protection laws and regulations.

Completion rate of data protection training programs.

Timeliness and accuracy of data breach reporting and resolution.

Number of identified and mitigated data protection risks.

Audit findings and successful implementation of corrective actions.

Role & responsibilities

As a data protection privacy analyst - country support, you are in supporting designated Randstad Global Data Protection markets in achieving and/or maintaining their local compliance and data protection maturity through activities like:

• supporting stakeholders with (assessing and maintaining) data mapping as well as privacy and vendor assessments, including reviews
• supporting the business/stakeholders in risk management concerning privacy, with treatment plans, including reviews
• supporting stakeholders with incident management and potential regulatory reporting
• implement and maintain data protection policies and data protection framework and/or ISO27701 controls as well as supporting ISO27001 controls by collaborating with Information Security counterpart
• compliance reviews on data protection maturity with regard to policies & data protection framework
• managing and assessing data subject requests regarding the processing of their personal data and the exercise of their rights; such as deletion and access to information
• providing first line support to Randstad market stakeholders on data protection queries
• reviewing and updating data protection policies and procedures as needed, as well as the privacy notice
• participating in project consulting on various data protection-related matters
• monitoring national case law and providing updates on business developments
• guide and assist clients with their questions, primarily concerning Data Processing Agreements (DPAs)
• assisting in management of knowledge platform (eg., page updates, structure, content management)

Preferred candidate profile

• Has 2-4 years of relevant working knowledge and experience in data protection
• Interest in data privacy and information technology trends
• Degree (or equivalent) in Law, additional qualification in IT or data protection is preferred
• Knowledge of EU and other data protection legislation / data protection principles
• Experience in providing operational and tactical advice and guidance from a data protection regulatory perspective to stakeholders

Job Purpose
TM Data Protection is responsible to assist VH Data Protection in driving the:

• Privacy compliance for HIL along with the HIL Legal and central team in accordance with business requirements, legal and regulatory requirements
• Complete data loss prevention program for HIL
• Report and investigate data leakages

Key Result Areas/Accountabilities
Key Result Areas/Accountabilities
Supporting Actions
Data Protection Compliance Framework

• Drive the adoption of the framework across HIL.
• Maintain an updated repository of applicable laws, regulations, standards, compliances in partnership with the legal team

Data Protection Risk, Compliance and Audits

• Maintain the data protection risk register for HIL.
• Work with various business teams to conduct Data Protection Impact Assessment (DPIA)
• Deploy and track KPIs and measures to track the effectiveness of the data protection program across HIL

Data Protection Awareness Campaigns

• Conduct data protection awareness for various stakeholders (leadership to implementation teams) regarding the laws, regulations and standards applicable to HIL with the central team.
• Issue regular advisories (emailers, newsletters, bulletins) on data protection.
• Identify and deploy various channels of awareness such as classroom sessions, e-learning programs, learning nuggets etc.

Data Loss Prevention Campaigns

• Deploy the Data Loss Prevention (DLP) technology for HIL users.
• Deploy the DLP framework for HIL including critical data sets, rules and incident management protocols.
• Track DLP incidents

User and Entity Behavior Analytics (UEBA) Framework

• Continuously monitor UEBA outcomes

Our Mission

Provide security teams with breakthrough visibility and control over all high-value enterprise data, transforming how organizations protect their data from IP theft and insider threats.

About the Role

This is an ideal opportunity for a highly motivated individual to get in on the ground floor as we build out our Professional Services and Managed Services functions at Cyberhaven. The Data Protection Analyst holds a key position in providing continuous value for our customers and is responsible for advancing the mission of identifying potential insider threats and investigating endpoint forensic incidents. You will be responsible for performing technical analysis of data security incidents, finding and exposing risk in a customers environment as well as handling documentation and project management aspects of incident response. You will also perform analysis of events and incidents.

What you'll do:

• Provide insight into DLP analytics and related issues.
• Analyze Cyberhaven's Data Detection and Response (DDR) platform event data to improve policies and incidents/alerts and bring focus to areas where data loss risk may exist.
• Refine datasets and policies and manage them as customers' data risk strategy matures and business needs evolve.
• Prepare and present summaries and reports to internal team members.
• Eliminate noise and false-positive information from analytic results to enhance detection accuracy.
• Conduct forensic analysis on people, groups, and non sanctioned egress destinations as requested.

Who you are:

• 2-5 years experience in working with a data protection product, or adjacent security tool experience (EDR, SIEM, SOAR).
• Knowledge of endpoint protection best practices and security incident mitigation workflows.
• 2+ years' experience with Insider Threat Programs and Information Security.
• Excellent problem-solving and analytical abilities with creative and logical thinking.
• Highly motivated, customer centric person, strong customer empathy and focus.
• Ability to work as part of a global team,
• Excellent written and verbal communication skills.

What you should have:

• Familiarity with technologies that are adjacent to Cyberhaven in which we integrate, (SIEM/SOAR) are desired.
• Knowledge of security controls for the handling of sensitive data types.
• Understanding of macOS, Linux and Windows environments.
• Experience with DLP, Insider Threat and CASB solutions
• Familiarity with cloud apps and services (GCP, AWS, Azure)
• Knowledge of SQL for writing queries and performing data analysis.
• Experience designing, developing and maintaining interactive dashboards and data visualizations.
• Knowledge in modifying and developing XML-based content rules to refine DLP datasets
• Knowledge with general scripting for automation and utilizing APIs.
• Excellent communication and interpersonal skills required, with a passion for cloud security and emerging technologies.

Cyberhaven is the AI-powered data security company revolutionizing how companies detect and stop the most critical insider threats to their most important data. We've raised over $250M from leading Silicon Valley investors like Khosla and Redpoint. Cyberhaven is also backed by founders, executives, and security leaders who have built transformational technologies at Crowdstrike, Nutanix, Palo Alto Networks, Meta, Google, Slack, and others.

Our company values are:

• Think Deeply and Use Sound Reasoning
• Step Up and Take Ownership
• Continuously Learn and Grow
• Obsess About Customers
• Enjoy the Journey
• Reach for Ambitious Goals

Cyberhaven is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Role & responsibilities:

1. Develops and maintains the Cyber Security data protection and privacy technical architecture to safeguard data, personnel, products and solutions that meet business requirements. Recommends guiding principles and technical standards that foster technological development.

a. Collaborates with IT and business units to understand the requirements for security of data (stability, availability, integrity, privacy, etc.).

b. Maintains architecture diagrams for both current and future states.

c. Builds security controls that transition from current to future states.

d. Stays abreast of technology innovations relating to data protection to ensure decisions align with industry best practices.

2. The Data Protection Analyst will manage our Microsoft Purview Configurations and any other tools that contribute to data security. In addition, will assist in monitoring and assessing security to maintain governance, risk and compliance requirements through technical audits, risk assessments and issue management to maintain a compliant, audit ready posture. This role may also support the Enterprise Architecture team and Project Management Office to deliver technical security advisory services.

a. Configure data classification controls and standards for the environment.

b. Define data loss prevention controls and standards to protect our most sensitive data.

c. Collaborate with Insider Risk team to identify and remediate risks.

d. Identifies security and compliance requirements that align with standards, policies, technical controls, and architecture principles. Reviews risk assessments completed as part of the project lifecycle.

3. Performs security impact assessments to determine the enterprise's specific security, AI and privacy related risks.

a. Performs risk assessment to ensure appropriate security during the introduction of modern technologies. Review and approve the findings and recommendations of risk assessments.

b. Conducts audits and monitors issues to provide assurance reporting of how complying with policies, industry and regulatory standards, and requirements to ensure the internal control framework is compliant and audit ready.

c. Conducts security due diligence of third parties (vendor, suppliers and partners) based on risk model including security contract language, and logical, physical, and administrative controls.

Key Roles & Responsibilities

• Design and implement data privacy frameworks, data governance, data risk and control framework, policies, and procedures across business units.
• Lead privacy-by-design and security-by-design initiatives in collaboration with engineering and IT teams. Conduct system audits, penetration testing, and vulnerability assessments.
• Oversee handling of data subject rights requests, and privacy grievance redressal mechanisms. Co-ordinate privacy incident management and response across the organization, including public communication, reporting to affected data subjects, Data Protection and Cyber Security regulators and other authorities.
• Ensure compliance with DPDP Act, GDPR, ISO 27001, and other applicable standards.
• Serve as the point of contact for grievance redressal and regulatory authorities in relation to data privacy.
• Develop and roll out privacy and security training programs across the organization. Promote a culture of data protection and compliance.
• Track data-related issues, ownership, reporting requirements and resolution timelines. Provide strategic updates to senior management and maintain metrics for deliverables, adoption and compliance.
• Collaborate with various cross functional teams including legal, compliance, technology, information security, customer service to ensure alignment and accountability.
• Manage and implement security protocols to ensure data integrity and protection. Advising the senior management on evolving regulations, security threats and adapting strategies accordingly.
• Mentor the data protection team, fostering collaboration with cross-functional teams and guide various businesses to ensure compliance with data protection/data privacy requirements.
• Oversee vendor contracts and ensure third-party compliance with data protection obligations.
• Lead annual Data Protection Impact Assessments (DPIA) and audits as mandated for Significant Data Fiduciaries.

Preferred Certification:

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional (CIPP/E, CIPP/US)