Head – Information Security, GRC & Data Privacy
Reporting To: Chief Technology Officer (CTO)
Role Purpose
The Head – Information Security, GRC & Data Privacy will serve as the organization's custodian for cyber security governance, data privacy compliance, and technology risk management. The role is responsible for establishing and operating the security governance framework, driving compliance with the Digital Personal Data Protection Act (DPDPA), managing internal and external audits, ensuring regulatory compliance, and partnering with business and technology teams to embed security and privacy controls across all digital initiatives.
Key Responsibilities
1. Data Privacy & DPDPA Compliance
Lead the organization's DPDPA compliance program from a technology and process perspective.
Define and implement privacy-by-design principles across applications, customer journeys, and operational processes.
Establish consent management, data retention, data minimization, p...