Data Privacy Officer – Russia and CIS

Вакансия № 29747032 от компании Dr. Reddy’s на Электронной Службе Занятости Населения Москвы.

☑ Основной блок:

Опыт работы: более 6 лет.

Тип занятости: полная занятость.

График работы: полный день.

Зарплата: по результату собеседования.

Примерное место работы: Россия, Москва.

Это объявление № 29747032 добавлено в базу данных: Понедельник, 20 января 2025 года.

Дата его обновления на этом интернет-ресурсе: Вторник, 18 марта 2025 года.

Прочитано соискателями - 53 раз(а);
Отправлено откликов - 0 раз(а);

1. Business Partnering

Partner closely with business and functional teams in the region and provide necessary support to ensure compliance with both DRL's internal Data Privacy processes/ requirements as well as applicable Data Protection laws.

2. Privacy Impact Assessment and Risk Management

Drive a culture of Privacy by design and default by ensuring completion of Privacy Impact Assessment of all new Projects and business processes in the early stages and re-assessment of all high-risk projects and business processes based on a pre-determined frequency.
Identify and register Data Privacy risks and issues associated with various business processes/ projects and initiatives and enable its management by identifying the right owners and tracking them to closure against mutually agreed due dates.

3. Personal Data Incident and Breach Management

Train business and functional teams on how to identify and report Data Security Incidents.
Manage reported personal data incidents for the countries in the region to closure by identifying root causes, proposing corresponding corrective and preventive actions, and tracking actions to closure. Adhere to any Breach Management and Notification requirements under applicable DP laws.

4. Data Subject Requests

Manage Data Subject Requests received for the countries in compliance with any requirements laid down under respective laws.

5. Local SOPs, DPAs, ICAs, Notices / Consent

Assess the need, develop local Data Privacy procedures and provide necessary training to help business comply with specific requirements under local laws.
Where required, adapt global notices or consents to meet local requirements ensuring notices on DRL Corporate as well as product specific websites are current and accurate.
Provide inputs to help create Data Processing Agreements, Internal Transfer Agreements/ BCR to enable cross-border transfer of data to third parties as well as within DRL entities etc.

6. Training and Awareness

Develop content for ad hoc and function specific Data Privacy trainings and deliver them to business teams on a periodic basis. Ensure that the effectiveness of trainings is also assessed.
Facilitate Data privacy awareness campaigns and initiatives for the countries within the region to raise overall awareness levels around Data Privacy.

7. Monitoring, testing and reporting

Perform periodic monitoring/ testing of controls to identify level of compliance to the requirements under applicable law.
Do periodic reporting for the region as required for Steercos and other Review meetings. Present the outcomes to top leadership.

8. State Inspections/Internal / External Audits and Review

Facilitate all state inspections and internal / external DP audits and reviews for the countries in scope.
Work closely with business and functional teams to track all findings identified during such inspections and audits and reviews, to closure.

9. External Interface

Be the face of Dr.Reddy’s to the Data Protection Regulatory Authorities in the countries (where applicable) including register/nominate self as a DPO, and ensure compliance with any other notification or registration requirements under the DP laws e.g. registration of Processing systems, notification related to data transfers, data breach etc.
Post alignment with Functional leadership, identify and work with external law or consulting firms to fulfil obligations under the law, if any.

10. Global Data Privacy Governance and Projects (Corporate level)

Ensure participation in relevant meetings and forums such as DP Governance calls, All-hands meet, regional forums and meetings etc.
Participate in any global Data Privacy projects initiative to develop or improve DRLs Data Privacy Program.

Law or Management graduate and a certified Privacy Professional with an ability to interpret Data Protection laws and experience in interacting with Regulatory bodies.
Experience of 6-8 years in dedicated Data Privacy compliance role(s) in the region, preferably as part of a multinational organization.
Good Understanding of Risk Management and Information Security Management System (ISO 27001, Cloud Security etc) concepts.
Experience and understanding of use of data and technology and how it impacts data privacy.
Experience in handling privacy enabling tools and solutions (One Trust, Securiti.ai etc).
Robust stakeholder management and interaction across all levels (including CXOs).
Ability to understand business demands and how privacy requirements should be applied in a changing environment including both at a process as well as in technology related setups.
Understanding and prior experience in Pharmaceutical and Generics business will be an added advantage.
Legal knowledge as it relates to Data Protection laws including technology, contracting, drafting Data Processing Agreements/ EU Model Clauses, Binding Corporate Rules.
In-depth understanding and hands-on experience in Russian DP Law and emerging trends and trends and challenges in the region.
Experience in conducting Data Privacy monitoring, testing, and reviews.
Data Privacy Training and Awareness building skills and experience.
English and Russian – advanced or professional level.