275 Data Protection jobs in Mumbai

Key Roles & Responsibilities

• Design and implement data privacy frameworks, data governance, data risk and control framework, policies, and procedures across business units.
• Lead privacy-by-design and security-by-design initiatives in collaboration with engineering and IT teams. Conduct system audits, penetration testing, and vulnerability assessments.
• Oversee handling of data subject rights requests, and privacy grievance redressal mechanisms. Co-ordinate privacy incident management and response across the organization, including public communication, reporting to affected data subjects, Data Protection and Cyber Security regulators and other authorities.
• Ensure compliance with DPDP Act, GDPR, ISO 27001, and other applicable standards.
• Serve as the point of contact for grievance redressal and regulatory authorities in relation to data privacy.
• Develop and roll out privacy and security training programs across the organization. Promote a culture of data protection and compliance.
• Track data-related issues, ownership, reporting requirements and resolution timelines. Provide strategic updates to senior management and maintain metrics for deliverables, adoption and compliance.
• Collaborate with various cross functional teams including legal, compliance, technology, information security, customer service to ensure alignment and accountability.
• Manage and implement security protocols to ensure data integrity and protection. Advising the senior management on evolving regulations, security threats and adapting strategies accordingly.
• Mentor the data protection team, fostering collaboration with cross-functional teams and guide various businesses to ensure compliance with data protection/data privacy requirements.
• Oversee vendor contracts and ensure third-party compliance with data protection obligations.
• Lead annual Data Protection Impact Assessments (DPIA) and audits as mandated for Significant Data Fiduciaries.

Preferred Certification:

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional (CIPP/E, CIPP/US)

Key Roles & Responsibilities

• Design and implement data privacy frameworks, data governance, data risk and control framework, policies, and procedures across business units.
• Lead privacy-by-design and security-by-design initiatives in collaboration with engineering and IT teams. Conduct system audits, penetration testing, and vulnerability assessments.
• Oversee handling of data subject rights requests, and privacy grievance redressal mechanisms. Co-ordinate privacy incident management and response across the organization, including public communication, reporting to affected data subjects, Data Protection and Cyber Security regulators and other authorities.
• Ensure compliance with DPDP Act, GDPR, ISO 27001, and other applicable standards.
• Serve as the point of contact for grievance redressal and regulatory authorities in relation to data privacy.
• Develop and roll out privacy and security training programs across the organization. Promote a culture of data protection and compliance.
• Track data-related issues, ownership, reporting requirements and resolution timelines. Provide strategic updates to senior management and maintain metrics for deliverables, adoption and compliance.
• Collaborate with various cross functional teams including legal, compliance, technology, information security, customer service to ensure alignment and accountability.
• Manage and implement security protocols to ensure data integrity and protection. Advising the senior management on evolving regulations, security threats and adapting strategies accordingly.
• Mentor the data protection team, fostering collaboration with cross-functional teams and guide various businesses to ensure compliance with data protection/data privacy requirements.
• Oversee vendor contracts and ensure third-party compliance with data protection obligations.
• Lead annual Data Protection Impact Assessments (DPIA) and audits as mandated for Significant Data Fiduciaries.

Preferred Certification:

Certified Information Systems Security Professional (CISSP)

Certified Information Privacy Professional (CIPP/E, CIPP/US)

Job Purpose
TM Data Protection is responsible to assist VH Data Protection in driving the:

• Privacy compliance for HIL along with the HIL Legal and central team in accordance with business requirements, legal and regulatory requirements
• Complete data loss prevention program for HIL
• Report and investigate data leakages

Key Result Areas/Accountabilities
Key Result Areas/Accountabilities
Supporting Actions
Data Protection Compliance Framework

• Drive the adoption of the framework across HIL.
• Maintain an updated repository of applicable laws, regulations, standards, compliances in partnership with the legal team

Data Protection Risk, Compliance and Audits

• Maintain the data protection risk register for HIL.
• Work with various business teams to conduct Data Protection Impact Assessment (DPIA)
• Deploy and track KPIs and measures to track the effectiveness of the data protection program across HIL

Data Protection Awareness Campaigns

• Conduct data protection awareness for various stakeholders (leadership to implementation teams) regarding the laws, regulations and standards applicable to HIL with the central team.
• Issue regular advisories (emailers, newsletters, bulletins) on data protection.
• Identify and deploy various channels of awareness such as classroom sessions, e-learning programs, learning nuggets etc.

Data Loss Prevention Campaigns

• Deploy the Data Loss Prevention (DLP) technology for HIL users.
• Deploy the DLP framework for HIL including critical data sets, rules and incident management protocols.
• Track DLP incidents

User and Entity Behavior Analytics (UEBA) Framework

• Continuously monitor UEBA outcomes

Role & responsibilities

Implement and maintain ISMS in alignment with ISO/IEC 27001 standards.

Assist in conducting internal audits, risk assessments, and gap analyses.

Support external certification and surveillance audits.

Develop and update policies, procedures, and documentation required for ISMS and PCI DSS compliance.

Identify risks and propose effective mitigation strategies.

Train internal teams on ISMS and PCI DSS compliance requirements.

Familiarity with ITGC, cybersecurity, and data security principles (encryption, access controls, VAPT).

Analytical skills for interpreting regulatory text into actionable business requirements.

Strong stakeholder management and communication abilities.

Ability to draft policies, procedures, and compliance reports.

Strong knowledge of DPDP Act, 2023 and awareness of global privacy frameworks (GDPR, ISO 27001/27701, NIST Privacy).

Interpret and implement requirements of the DPDP Act and related rules.

Draft, review, and update privacy policies, notices, and consent mechanisms.

Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).

Preferred candidate profile

Strong knowledge of ISO/IEC 27001 standards.

Proven understanding of PCI DSS requirements and implementation.

Experience in preparing for and supporting external audits and assessments.

Excellent documentation, communication, and analytical skills.

PCI DSS QSA or experience supporting PCI DSS compliance programs.

Knowledge of other regulatory frameworks (e.g., GDPR, HIPAA) is a plus.

Experience in regulatory audits (SEBI, RBI, GDPR, DPDP).

Prior exposure to vendor assessments and contract negotiations.

Knowledge of data lifecycle management, DLP, and privacy tech tools.

Ability to work independently and advise senior leadership.

ENGAGEMENT OF SPECIALIST CADRE OFFICERS ON CONTRACTUAL BASIS

(ADVERTISEMENT NO: CRPD/SCO/ /07)

ONLINE REGISTRATION OF APPLICATION & PAYMENT OF FEES: FROM TO

State Bank of India invites Online application from eligible Indian citizen for appointment to the following Specialist Cadre Officers posts on contractual basis. Candidates are requested to apply Online through the link given on Banks website

Vacancies

UR 1

Total -1

PwBD

LD -1

Age as on 01/08/2025 (Years)

Min- 35

Max- 45

REMUNERATION & CONTRACT PERIOD:

CTC Upper Range

Max. Rs.45.00 Lakhs CTC per annum

Variable Pay /Performance Linked Pay (PLP)

Eligible for Performance Linked Pay and Annual Increment based on the performance rating measured as per Banks Policy.

Contract Period

3 Years with an option to renew one year each twice.

Bifurcation Ratio of Annual CTC (Maximum Limit)

Fixed Pay - 70 % of CTC

Performance Linked Variable Pay - 30% of CTC

Annual Increment Band -An increment of 10% p. a. on previous year total CTC from 2nd year, subject to fulfillment of condition of Bank.

C. DETAILS OF THE REQUIREMENTS OF EDUCATIONAL QUALIFICATIONS/POST-QUALIFICATION EXPERIENCES/SPECIFIC SKILLS /JOB PROFILE/KEY RESPONSIBILITY AREA ETC:

Educational Qualification

(As on

Education Qualification: Graduation or Equivalent.

Compulsory Professional Qualification: Certification in any one or more Privacy Professional certifications like CIPP-E / CIPP-A/ CIPM / DCPP/ DCPLA/ DCDPO valid as on cutoff date.

Preferred Qualifications: Certifications in FIP / CIPT / CISM / CISA / ISO 27001 valid as on cutoff date.

As on : Expert Knowledge of data privacy laws and practices. Exposure to Data Privacy Laws & Regulations such as General Data Protection Regulation ("GDPR"), UK Data Protection Act 2018, DPDP Act 2023 etc.

Post-Qualification Experience

(As on

Mandatory:

Min 10 years of work experience at executive/managerial role in corporate sector with minimum 1 year experience in Data Privacy Laws & Regulation and other Data Security areas (within overall experience of 10 years).

As on

Preference will be given to the candidates having higher experience in Data Privacy Laws & Regulation and other Data security areas.

Specific Skills required (if any) (As on

i. Specific knowledge in the Data Privacy Regulations underpinned by theory and experience.

ii. Evidence of continuing professional and/or personal self-development

iii. Expert knowledge of data privacy laws and practices. Exposure to Data Privacy laws & regulations such as General Data Protection (GDPR), UK Data Protection Act 2018, Indias DPDP Act 2023 etc.

iv. Knowledge of information lifecycle, risk management & data security areas.

v. Extensive knowledge of Information Governance disciplines

vi. Skill of interpretation of national guidance and legislation and subsequent local implementation.

vii. Training delivery

viii. Capacities to work with cross functional teams, attention to details, organizational skills and multitasking.

ix. Ability to drive large change management program within organizations.

x. Ability to maintain confidentiality and deal with situations in a sensitive manner.

xi. Able to communicate across all organizational boundaries in an appropriate manner.

xii. Strong management, motivational and leadership skills

Job profile

The Official will assist Data Protection Officer (DPO) in the following areas:

i. Be responsible for ensuring that the bank complies with the requirements of data protection and privacy legislation of India and such applicable laws of other countries.

ii. Develop and manage the Bank's data protection strategy in India, including the development and implementation of bank's data protection policy and procedures.

iii. Undertake periodic data protection audits or reviews, in order to ascertain Bank's compliance with data protection legislation. The ADPO shall undertake any work necessary to remediate any deficiencies identified by the audit result.

iv. Provide advice where DPIA has to be carried out and periodic review of the same.

v. Submission of reports on data privacy laws to the top management/ Board.

vi. Review records of processing operations (Personally identified information (PII) & Data Inflow Diagram (DFD)).

vii. Collaboration with supporting functions (Legal, IT & InfoSec etc.) to stay up to date with new processes and policies.

viii. Provide education, training and awareness to all members of staff on the requirements of data protection legislation and the care and handling of personal data in order to ensure that relevant business functions are made aware of their legal responsibilities and how to comply with them.

ix. Provide advice in the development of new IT systems and procedures, the drafting of data protection notices, the obtaining of consent from data subjects and in the operation of the HR function.

x. Put processes and procedures in place to deal with data subject access requests and shall assist with, and provide advice in relation to, such requests.

xi. Provide advice on, and assist with, management of any data breaches which arise, including liaising with the Supervisory Authority on behalf of the Bank.

Key Responsibility Areas

The Official will assist Data Protection Officer (DPO) in the following areas.

i. SBI's Compliance to privacy regulations of India and other such applicable regulation of other countries.

ii. Relevant and timely updated on Data Protection matter to senior management.

iii. Policies and procedures in place and communicated.

iv. Relevant communications and training deployed.

v. Discussed with Operational Risk to ensure risks documented; controls in place; and monitoring/testing carried out.

vi. Review of Data flows and data inventories in place and up to date.

vii. Periodic review of Data Privacy Impact Assessment as required.

viii. Timely, robust responses to authority, data principal etc.

D. LEAVE: The official shall be entitled to leave of 30 days per financial year. The official may be permitted leave on pro-rata basis in a given financial year with the approval of the Bank/ authority to whom he / she reports. For the purpose of computation of leave, intervening Sundays/ Holidays, shall not be included. The Bank shall have absolute right in its discretion to either grant or reject the application for leave taking into consideration the administrative exigencies. The leaves not availed during a financial year will normally lapse and will not be carried over to the next financial year.

E. NOTICE PERIOD: The contract can be terminated from either side by giving one month's notice or by paying an amount equal to one month's compensation without assigning any reasons whatsoever.

F. CALL LETTER FOR INTERVIEW: Intimation/ call letter for interview will be sent by email and will be uploaded on Bank's website. NO HARD COPY WILL BE SENT

G.SELECTION PROCESS: The selection will be based on shortlisting, Interview and followed by CTC negotiations.

Shortlisting: The Shortlisting Committee constituted by the Bank will decide the shortlisting parameters and thereafter, adequate number of candidates, as decided by the Bank will be shortlisted (subject to availability) and called for interview. Mere fulfilling minimum qualification and experience will not vest any right in candidate being called for interview. The decision of the Bank to call the candidates for the interview shall be final. No correspondence will be entertained in this regard.

Interview: Interview will carry 100 marks. The qualifying marks in interview will be decided by the Bank. No correspondence will be entertained in this regard.

Merit List: Merit list for selection will be prepared in descending order on the basis of scores obtained in interview only. In case more than one candidate score the cut-off marks (common marks at cut-off point), such candidates will be ranked according to their age in descending order, in the merit.

CTC Negotiation: For the post of ADPO, CTC Negotiation will be done with the candidates at the time of interview only.

H.Other Terms and Conditions (contractual)

i. The appointment of Officer will be subject to satisfactory completion of Medical Examination as prescribed by the Bank and verification of testimonials.

ii. The Officer will not take up any assignment with any other organization during the period of contract with the Bank.

iii. The engagement shall not be construed as an employment in the Bank and the Official is not eligible to claim Provident Fund/ Bonus/ Gratuity/ Pension during the period of contract or thereafter.

iv. They will not be eligible for membership of SBI Pension Fund/ Defined Contribution Pension Scheme (New Pension Scheme) and SBI Employees Provident Fund.

v. Assistant Data Protection Officer will not exercise administrative and financial power during their engagement in bank.

I.CIBIL: Candidates who have defaulted in repayment under any lending arrangement with Banks/NBFCs/Financial Institutions including credit card dues and have not regularized /repaid their outstanding thereunder till the date of issuance of letter of offer of appointment by the Bank, shall not be eligible for appointment to the post. However, candidates who have regularized /repaid such outstanding on or before the date of issuance of offer of appointment, but whose CIBIL status has not been updated on or before the date of joining, shall have to either get the CIBIL status updated or produce the NOCs from lender to the effect that there is no outstanding with respect to the accounts adversely reflected in the CIBIL, failing which the letter of offer shall be withdrawn/cancelled. Thus, the candidates with record of default in repayment of loans/credit card dues and / or against whose name adverse report of CIBIL or other external agencies are available are not eligible for the appointment.

J.HOW TO APPLY: Candidates should have valid email ID which should be kept active till the declaration of result. It will help him/her in getting call letter/Interview advice etc. by email.

GUIDELINES FOR FILLING ONLINE APPLICATION

i. Candidates will be required to register themselves online through the link available on SBI website and pay the application fee using Internet Banking/ Debit Card/ Credit Card etc.

ii. Candidates should first scan their latest photograph and signature. Online application will not be registered unless candidate uploads his/ her photo and signature as specified on the online registration page (under 'How to Upload Document").

iii. Candidates should fill the application carefully. Once application is filled-in completely, candidate should submit the same. In the event of candidate not being able to fill the application in one go, he can save the information already entered. When the information/ application is saved, a provisional registration number and password is generated by the system and displayed on the screen. Candidate should note down the registration number and password. They can re-open the saved application using registration number and password and edit the particulars, if needed. This facility of editing the saved information will be available for three times only. Once the application is filled completely, candidate should submit the same and proceed for online payment of fee.

iv. After registering online, the candidates are advised to take a printout of the system generated online application forms.

GUIDELINES FOR PAYMENT OF FEES

i. Application fees and Intimation Charges (Non-refundable) is 750/- (Seven Hundred Fifty only) for General/EWS/OBC candidates and no fees/intimation charges for SC/ ST/ PwBD candidates.

ii. After ensuring correctness of the particulars in the application form, candidates are required to pay the fees through payment gateway integrated with the application. No change/ edit in the application will be allowed thereafter.

iii. Fee payment will have to be made online through payment gateway available thereat. The payment can be made by using Debit Card/ Credit Card/ Internet Banking etc. by providing information as asked on the screen. Transaction charges for online payment, if any, will be borne by the candidates.

iv. On successful completion of the transaction, e-receipt and application form, bearing the date of submission by the candidate, will be generated which should be printed and retained by the candidate.

v. If the online payment of fee is not successfully completed in first instance, please make fresh attempts to make online payment.

vi. A provision is there to reprint the e-Receipt and Application form containing fee details, at later stage.

vii. Application Fee once paid will NOT be refunded on any account NOR can it be adjusted for any other examination or selection in future.