Title:Data Privacy: Data Protection Officer (DPO)

Location: Mumbai

Time Zone: Eastern Standard Time /Pacific Standard Time

1            Job Description

1.1                         Overview

DNEG’s expanding Information Security (InfoSec), Governance, Risk and Compliance (GRC) and Data Privacy programs have the requirement to add an experienced Data Privacy Officer (DPO) to the expanding global team. The role will be responsible for successfully managing and steering the Data Privacy function within DNEG. The DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under global data privacy legislations such as GDPR, PIPEDA and CCPA etc. The DPO will be responsible for staff training, data protection impact assessments (DPIAs), and internal data privacy audits. This role will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.

1.2                        Mandatory Requirements and Expectations

An experienced individual that works in a methodical and concise manner is required to successfully manage the Data Privacy program at DNEG.

●       Demonstrable experience of delivering, maintaining, managing, and maturing a global data privacy program to meet the requirements of a highly complex environment.

●       Have excellent interpersonal, analytical, assessment and documentation skills which can be effectively utilized to develop and deliver against highly critical Data Privacy assurance requirements. 

●       Working closely with the CISO to successfully prioritize, steer and deliver the Data Privacy program.

●       Experience of working within a multi-faceted audit environment.

●       Excellent track record of working with both internal and external driven auditable environments and ensure that control areas are effectively managed according to a risk-based methodology.

2           Duties and Operational Responsibilities

●       Manage, maintain, and mature the global data privacy function within DNEG.

●       Work proactively with the CISO to ensure that all data privacy requirements and audit deliverables are suitably actioned, communicated and documented.

●       Be able to work effectively in an independent capacity and as part of the InfoSec team.

●       Utilize effective task management, communication, and leadership skills.

●       Work in close partnership and collaborate with peers and internal business teams.

3           Job Requirements

3.1                        Mandatory Job Requirements

A successful candidate will meet the majority of the requirements listed below and will be able demonstrate suitable experience in competencies in each of the following:

●       12+ years of experience in data protection, ideally with 5+ years in a senior management position with legal and/or compliance experience.

●       Have demonstrable experience with all the following key areas:

o        Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR, including developing templates for data collection, assisting with data mapping, and vendor management reviews.

o        Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.

o        Serving as the primary point of contact and liaison for the Lead Supervisory Authority and other EEA Data Protection Authorities on all data protection related matters under the GDPR and other global data privacy legislations.

o        Serving as the primary point of contact for data privacy queries and issues etc.

o        Reviewing vendor contracts, including Model Clauses, and consents needed to implement projects in partnership with the firm’s Procurement and Information Security functions and ensuring filing requirements with local regulators are achieved where applicable.

o        Assist in creating and ultimately chair a Data Privacy / Information Governance Committee.

o        Managing and conducting ongoing reviews of DNEG’s privacy governance framework including Binding Corporate Rules (BCR).

o        Monitoring changes to local privacy laws and making recommendations to both the Legal Team and CISO.

o        Setting standards and reviewing policies and procedures globally that meet the requirements under the GDPR and any localization requirements in countries of operation.

o        Developing and working with the internal Training Team to deliver privacy training to the various business functions.

o        Coordinating and conducting internal data privacy audits

o        Collaborating with the Information Security GRC team to raise employee awareness of data privacy and security issues and providing training on the subject matter.

o        Collaborating with the Information Security function GRC team to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to data subject access requests (DSARs).

3.2                       Desired Job Requirements

A successful candidate will have experience with the desired requirements listed below and will be able demonstrate suitable experience in competencies in each of the following:

●       Experience of working with and customizing automated data privacy / risk management platforms and services.

●       Prior experience working within either the film or media industry sector.

●       Experience and demonstrable, high-level knowledge, of the following:

o        Working within either a hybrid or cloud native environment and their associated risks that are applicable within this type of environment.

o        Managing data incidents and breaches.

3.3                       Education

●       A Law degree is desirable.

●       Hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, CIPM, ISEB, or CISSP.