Job Description

Job Description: Data Privacy Program Manager

Location : Bengaluru

Position Overview

This role will be responsible for developing, implementing, and maintaining a robust data privacy and protection framework for an FCA-regulated entity in the United Kingdom. The individual will oversee and coordinate data privacy compliance activities in line with UK GDPR, Data Protection Act 2018, FCA requirements, and other applicable regulations. The role requires expertise in Records of Processing Activities (RoPA), Data Protection Impact Assessments (DPIA), breach management, vendor and client management, regulatory compliance, and staff training and awareness.

Key Responsibilities͏:

• Own the design, execution, and continuous improvement of the organisation’s data privacy program, ensuring all operations comply with relevant laws and regulations.
• Maintain, update, and audit the company’s RoPA to ensure completeness and ongoing compliance.
• Oversee the DPIA process for new projects, systems, and processes involving personal data, including risk assessment, mitigation strategies, and documentation.
• Manage the incident response process for data breaches, including detection, assessment, mitigation, reporting, and remediation in line with FCA and ICO requirements.
• Assess and monitor third-party data processors for compliance with privacy and security requirements. Negotiate and review Data Processing Agreements (DPAs) and ensure appropriate due diligence is conducted.
• Serve as the point of contact for client privacy queries, contract reviews, data subject requests, and privacy negotiations. Ensure client requirements are embedded into privacy policies and procedures.
• Monitor changes in privacy regulations (e.g., UK GDPR, Data Protection Act, FCA rules, ICO guidance), interpret impact, and implement necessary changes to policies and processes.
• Manage regulatory registrations and notifications, including timely submissions to supervisory authorities such as the ICO and the FCA, and coordinate responses to regulatory inquiries.
• Design and deliver data privacy training and awareness programs for all employees. Conduct regular refresher sessions and track completion and effectiveness.
• Draft, review, and update privacy policies, procedures, and guidelines. Ensure documentation is easily accessible and up-to-date.
• Liaise with internal departments (Legal, Compliance, IT, Risk, Operations), senior management, and external advisors to align privacy initiatives with business objectives.
• Facilitate internal and external audits, prepare regular reports for management and the board, and ensure action plans are implemented for any identified gaps.

͏Qualifications & Experience

• Bachelor’s degree in Law, Computer Science, Information Security, Risk Management, or a related field (Master’s degree or legal qualification preferred).
• Professional certifications such as CIPP/E, CIPM, CIPT, or equivalent strongly desired.
• Extensive experience in data protection or privacy program management, preferably within a FCA-regulated or financial services environment.
• In-depth knowledge of UK GDPR, DPA 2018, FCA Handbook, and familiarity with ICO guidance.
• Demonstrable experience with RoPA, DPIAs, breach management, third-party risk assessments, and regulatory engagement.
• Excellent stakeholder management, project management, and communication skills.
• Strong analytical abilities and attention to detail.

Key Competencies

• Ability to lead cross-functional teams and influence senior stakeholders.
• Proactive in identifying privacy risks and implementing pragmatic solutions.
• Remains agile in response to evolving regulatory and business landscapes.
• Maintains the highest standards of confidentiality and ethical behaviour.

͏

͏