DPO and Senior Manager, Data Risk

Some careers open more doors than others.

If you’re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.  

HSBC India is looking to recruit an experienced Data Protection Officer (DPO) to meet its obligations under the India’s Digital Personal Data Protection Act (“DPDP”).Reporting to the Head of ERM, the statutory DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the DPDP and relevant national legislation. The DPO will be responsible for advising on, and where required carrying out, staff training, data protection impact assessments and internal audits. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organisation.

Essential Duties and Responsibilities: In this ‘Second line of defence’ role, you will work closely with the Legal, Compliance, Cyber Security, HR, Marketing and Customer Services and

 functions to develop and monitor policies and standards applicable to the business and in compliance with the DPDP and relevant national legislation. Duties will include:

• Be the Data Privacy Risk Steward and discharge duties of a risk steward, as the SLOD role, within HSBC’s Risk Management Framework. This includes, guiding the teams, challenging, reviewing, providing oversight, and assisting with RCA and trigger events, and other activities as enumerated in the respective service catalogue.
• Implementing measures and a privacy governance framework to manage data use in compliance with the DPDP and relevant national legislation, including developing templates for data collection, advising on and assisting with data mapping and records of data processing, and vendor management reviews.
• Working with key internal stakeholders in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.
• Serving as the primary point of contact and liaison for the India Data Protection Board (“DPB”) and the Global DPO in Europe on all data protection related matters under the DPDP and relevant national legislation.
• Ensuring that the Company's IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
• Ensuring filing and fee requirements with DPB are achieved.
• Conduct and Participating in the DPDP Committee.
• Managing and conducting ongoing reviews of Company's privacy governance framework and regular and ad hoc reporting on data privacy compliance within the organisation
• Monitoring changes to local privacy laws and making recommendations to the DPDP Committeewhen appropriate.
• Assist in setting standards and reviewing policies and procedures globally that meet the requirements under the DPDP and any localization requirements in countries of operation.
• Developing and delivering privacy training to various business functions and collaborating with the Global DPO and Information Security functions to raise employee awareness of data privacy and security issues.
• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Coordinating, conducting and monitoring data privacy audits.
• Collaborating with the Global DPO and Information Security functions to maintain records of all data assets and exports and maintaining a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications.
• Responding to and advising on data subject rights requests, where escalated including data subject access requests (DSARs) and other requests from individuals.
• Working with designated privacy lawyers, subject matter experts or champions across the Company's offices and, where necessary, outside legal advisers to help advise on local data privacy law issues.

• Promoting effective work practices, working as a team member, and showing respect for co-workers.