539 Data Privacy Analyst jobs in India

To manage a high-quality readiness to data protection & information governance, Subject Access Requests, third party risk management, and Data Protection enquiries from the council upholding our statutory obligations.

The data protection analyst will assist the compliance activities of the Data Protection Officer, supporting data privacy regulations and apply them in a practical manner.  

This role reports to the Data Protection Officer and will support aspects of corporate Data Privacy Compliance programs including managing redlined addendum, contracts, and other activities required by the Data Protection Officer.

Key Responsibilities    

• Support the DPO/Manager, Data Privacy Programs as required in the delivery of the Data Protection Program


• Identify, analyze, and document risks to individuals’ privacy arising from data processing activities


• Handle and assist the data subject access right requests, ensuring compliance data subject access right.


• Support to conduct Data Protection Impact Assessments (DPIAs) for projects, systems, and third-party vendors.


• Lead or assist in investigating, documenting, and reporting data breaches to authorities and affected parties as required.


• Assist to generate reports for management on the organization’s compliance status and areas for improvement.


• Monitor third-party compliance with data protection requirements.


• Review and evaluate data privacy agreements with vendors, partners, and service providers.


• Review and support the customer infosec questionnaire in the data protection topics.


• Support the creation as well as the implementation of the records regarding the processing activities


• Support documentation and evaluation of data processing activities


• Work closely with Sales, Product, and other teams to improve data privacy protections and ensure end-to-end data privacy compliance.


• Maintain records to support the data protection and audits where necessary


• Participate in the implementation and embedding the data governance organizational model


• Manage the compliance tools and systems for data security and compliance


• Support the educating team-members and other employees about data protection regulation

• 1-3 years prior Project Management experience


•   Knowledge of EU the General Data Protection Regulation (GDPR),


• Ability to handle multiple tasks and interact with various stakeholders


• Experience performing third party compliance assurance assessments


• Excellent client relationship and customer service skills


• Understanding of common internet related technologies, ideally including SaaS (cloud, enterprise systems,) and on-premises business application


• Affinity for IT topics especially in legal technology


• Proactive, self-starter who requires minimal support


• Exceptional interpersonal, written, and oral communication skills in English and French(preferred)

• See Qualifications section


• Experience with privacy and risk management tools (Skills in OneTrust beneficial)


• Over 1 year of practical experience related to GDPR

Tungsten Automation is an Equal Opportunity Employer M/F/Disability/Vets

While the job description describes what is anticipated as the requirements of the position, the job requirements are subject to change based upon any changing needs and requirements of the business.

• 1-3 years prior Project Management experience


•   Knowledge of EU the General Data Protection Regulation (GDPR),


• Ability to handle multiple tasks and interact with various stakeholders


• Experience performing third party compliance assurance assessments


• Excellent client relationship and customer service skills


• Understanding of common internet related technologies, ideally including SaaS (cloud, enterprise systems,) and on-premises business application


• Affinity for IT topics especially in legal technology


• Proactive, self-starter who requires minimal support


• Exceptional interpersonal, written, and oral communication skills in English and French(preferred)

Description

Legal

Group Data Privacy (GDP)

What we’ll offer you

As part of our flexible scheme, here are just some of the benefits that you’ll enjoy,

Your key responsibilities

Your skills and experience

Competencies:

How we’ll support you

About McDonald’s:

One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.

Position Summary:

Privacy, Security, & Risk Specialist: (Supervisor, Data Governance_G3_EDAA0104)

As a Data Risk & Compliance Analyst within the Enterprise Data Governance (EDG) team, you will play a key role in supporting data risk management, privacy, and compliance efforts across the organization. You will operationalize and enhance processes that support secure data practices, regulatory alignment, and the protection of sensitive data assets. Working cross-functionally with business, legal, privacy, and cybersecurity teams, you will help ensure that data governance capabilities are implemented with integrity and transparency.

This role combines technical acumen, risk assessment, and compliance management to support data discovery, access controls, data classification, and privacy risk assessments.

Who we’re looking for:

Primary Responsibilities:

• Risk & Privacy Controls Execution : Maintain and support risk and privacy controls across key processes such as data retention, access monitoring, and records destruction.
• Data Discovery & Classification Enablement : Help drive the implementation of data discovery, tagging, and classification activities by identifying structured data with privacy and regulatory implications.
• Governance Platform Integration : Collaborate in testing and integrating data governance capabilities with risk and compliance systems (e.G., GRC tools, OneTrust, ServiceNow IRM).

Key Responsibilities:

• Partner with the privacy, legal, and security teams to operationalize privacy-by-design, records management, and access governance.
• Support the creation, enhancement, and enforcement of data handling policies, including ROPA, data classification, and regulatory reporting.
• Maintain and analyze Records of Processing Activities (ROPA) and ensure accuracy and traceability of critical data elements.
• Assist with privacy and compliance risk assessments, tracking mitigation plans, and supporting enterprise audit requests.
• Align with Identity and Access Management teams to manage privileged access appropriately, supporting the governance of access control and provisioning.
• Assist in developing data quality metrics, health indices, and access provisioning dashboards.
• Provide expert guidance to EDG councils and data stewards regarding privacy, data protection, and compliance requirements.
• Support the organization in addressing questions about security classification, data-sharing agreements, and retention schedules.

Skill:

• Bachelor’s degree in information technology, Computer Science, or a related field.
• 5+ years of experience in data governance, privacy, information risk, and compliance.
• Familiarity with NIST CSF, NIST Privacy Framework, and ISO 27001.
• Hands-on experience with GRC and privacy tools like OneTrust, RSA Archer, Collibra, or ServiceNow IRM.
• Strong understanding of data discovery and classification technologies;
  ability to define policies and regex rules.
• Knowledge of information governance, access control, and secure records lifecycle management.
• Excellent analytical and communication skills with the ability to work across technical and business teams.
• Cybersecurity certifications preferred (e.G., CISSP, CISA).

Work location: Hyderabad, India

Work pattern: Full time role.

Work mode: Hybrid.

Working with Us
Challenging. Meaningful. Life-changing. Those aren’t words that are usually associated with a job. But working at Bristol Myers Squibb is anything but usual. Here, uniquely interesting work happens every day, in every department. From optimizing a production line to the latest breakthroughs in cell therapy, this is work that transforms the lives of patients, and the careers of those who do it. You’ll get the chance to grow and thrive through opportunities uncommon in scale and scope, alongside high-achieving teams. Take your career farther than you thought possible.

Position Summary

The Operations Lead – Data Risk Office (DRO) is responsible for the effective delivery of all privacy operations within the organization. This role provides oversight and has accountability for the DRO operations team, ensuring that privacy compliance processes are executed consistently and in alignment with global data protection regulations like GDPR, CCPA and others. The Operations Lead coordinates closely with cross-functional partners – including Privacy Legal, Cybersecurity, and business unit leaders – to manage privacy incidents, data subject requests, and regulatory inquiries. By monitoring operational metrics and driving continuous improvements, this role ensures the Data Risk Office meets its obligations and maintains a strong compliance posture. Ultimately, the Operations Lead serves as the central point of contact for privacy operations, accountable for the team’s performance and the consistent, timely delivery of all DRO workstreams.

Key Responsibilities

Operational Oversight & Delivery:

Lead and coordinate the DRO operations team , taking accountability for on-time and high-quality execution across all privacy operations workstreams (DSRs, DIN/DBN, DPQ, etc.). Ensure that standard operating procedures are followed and that the team meets regulatory deadlines and internal service level agreements for each request or incident. Provide guidance and mentorship to team members, and monitor daily workflows to quickly address any roadblocks or delays.

Data Incident & Breach Management (DIN/DBN):

Manage the end-to-end process for data incidents and breaches , from initial triage through regulatory notification. Work closely with the Cybersecurity incident response team to investigate privacy incidents and determine breach severity. If a breach is deemed reportable under laws like GDPR (within 72 hours) or CCPA, coordinate with Privacy Legal to draft notifications and ensure timely submission to Data Protection Authorities and communications to affected individuals. Maintain detailed incident records (what happened, actions taken) to demonstrate compliance. After resolution, lead post-incident reviews to implement preventive measures.

Data Subject Rights (DSR) Request Oversight: Oversee the intake and fulfillment of Data Subject Rights requests (access, deletion, correction, etc.) across all relevant jurisdictions. Make sure requests are logged in the appropriate system (e.g., Privacy Hub or SharePoint) and assigned to the correct data owners. Track each DSR to closure, verifying that responses to data subjects meet legal requirements (for example, completed within 30 days for GDPR .or 45 days under CCPA ). Provide guidance on handling complex cases (like identity verification or legal holds) and ensure our standard templates and processes are used for consistency and compliance.

Regulatory Inquiries & Notifications: Act as the primary liaison with Data Protection Authorities (DPAs) for any regulatory inquiries, audits, or breach notifications. This includes coordinating responses to official requests or investigations and preparing formal notification letters when required by law (e.g., drafting notification content for authorities in collaboration with Legal). Ensure all regulatory communications are handled professionally and within required timeframes. Maintain a log of all DPA interactions and outcomes, and escalate critical issues to senior leadership as needed.

Operational Metrics & Reporting: Develop and deliver privacy operations metrics and reports to DRO leadership and other stakeholders. Aggregate data across all workstreams (e.g. number of DSRs received and closed, breach notification timelines, outstanding DPQs) and create weekly/monthly dashboards. Highlight key trends or risks – for instance, if DSR volumes spike or an incident took longer than expected to close. Use these insights to recommend process improvements or resource adjustments. The Operations Lead is expected to present these metrics in governance meetings, demonstrating where the DRO is on track and where attention is needed.

Cross-Functional Coordination & Compliance: Facilitate strong collaboration between the Data Risk Office and other teams . Work with Privacy Legal (Chief Privacy Officer’s team) to interpret new regulatory requirements and update operations accordingly. Partner with the Cyber Risk/Security team during incident investigations to ensure swift containment and remediation of data breaches.

Qualifications & Experience

Educational Background:

Bachelor’s degree in a relevant field such as Information Security, Law, Business Administration, or Computer Science. A master’s degree or professional certification in data privacy/risk management (e.g., CIPP/E, CIPM) is highly valued but not required, demonstrating formal knowledge of privacy principles.

Experience: Minimum 5–7 years of experience in data privacy, compliance, or related risk management operations. The candidate should have hands-on experience managing privacy processes – for example, overseeing responses to data breaches and data subject requests in a multinational environment. Experience working with global privacy regulations (GDPR, CCPA, etc.) is essential.

Regulatory Knowledge: Strong working knowledge of major data protection laws and regulatory requirements, including GDPR (Europe), CCPA/CPRA (California), and familiarity with other laws like LGPD (Brazil), PDPA (various countries). The candidate should understand obligations such as breach reporting timelines (e.g. 72-hour rule for GDPR), individual rights processes, and how these regulations apply operationally. They should also stay updated on emerging privacy laws and be able to quickly adapt processes to new legal requirements.

Operational Leadership & Communication: Demonstrated ability to lead an operations team and coordinate complex processes. This includes excellent organizational skills to juggle multiple concurrent tasks (e.g., several DSRs and an incident investigation simultaneously) and ensure nothing falls through the cracks. Strong communication skills are required – the Operations Lead must communicate clearly with stakeholders at all levels, from analysts up to executives.

Uniquely Interesting Work, Life-changing Careers
With a single vision as inspiring as “Transforming patients’ lives through science™ ”, every BMS employee plays an integral role in work that goes far beyond ordinary. Each of us is empowered to apply our individual talents and unique perspectives in a supportive culture, promoting global participation in clinical trials, while our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.

On-site Protocol

BMS has an occupancy structure that determines where an employee is required to conduct their work. This structure includes site-essential, site-by-design, field-based and remote-by-design jobs. The occupancy type that you are assigned is determined by the nature and responsibilities of your role:

Site-essential roles require 100% of shifts onsite at your assigned facility. Site-by-design roles may be eligible for a hybrid work model with at least 50% onsite at your assigned facility. For these roles, onsite presence is considered an essential job function and is critical to collaboration, innovation, productivity, and a positive Company culture. For field-based and remote-by-design roles the ability to physically travel to visit customers, patients or business partners and to attend meetings on behalf of BMS as directed is an essential job function.

BMS is dedicated to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace accommodations/adjustments and ongoing support in their roles. Applicants can request a reasonable workplace accommodation/adjustment prior to accepting a job offer. If you require reasonable accommodations/adjustments in completing this application, or in any part of the recruitment process, direct your inquiries to . Visit to access our complete Equal Employment Opportunity statement.

BMS cares about your well-being and the well-being of our staff, customers, patients, and communities. As a result, the Company strongly recommends that all employees be fully vaccinated for Covid-19 and keep up to date with Covid-19 boosters.

BMS will consider for employment qualified applicants with arrest and conviction records, pursuant to applicable laws in your area.

Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.