Detailed Position Description:

  1. Liaise with HCL’s internal stakeholders, business lines and corporate functions to implement controls, policies and procedures through the appropriate technical and technological solutions with a cross functional risk approach.
  2. Provide expert and practical advice on India applicable laws and other APAC laws and regulations concerning privacy, data protection and data security.
  3. Monitor privacy and data protection compliance across India & APAC, particularly in the IT and information security functions.
  4. Maintain an effective framework for the identification and mitigation of privacy and data protection risks in India & APAC.
  5. Liaise with relevant data protection authorities on matters related to registrations and notifications, complaints from data subjects (employees and costumers’ clients) and management of data protection breaches.
  6. Assist with investigations into complaints about breaches of Indian and APAC Laws and undertake reporting/remedial action as required.
  7. Support privacy and data protection training/awareness initiatives in the APAC.

Key Skills:

  1. Must-Have:
    1. A minimum of 5-years’ extensive experience on building and/or management of privacy framework / program within any multinational organization(s).
    2. A minimum of 4-years’ experience of people-management and leading team.
  2. Desirable (any or all of the following):
    1. Implementation experience of international privacy and data protection standards like ISO 29100:2011,
    2. Operational risk management experience including, but not limited to, implementation of models and standards like ISO 31000 etc.,
    3. Implementation and management of information security framework(s), ISO27001 etc.
    4. Managing legal & regulatory compliance program.
    5. Implementation of technology enabled globally established information security standards like PCI-DSS, TRUSTe, et al.


Qualified Lawyer.

  • Professional Qualifications
    • A professional cadre privacy certification, from a globally accredited organization, e.g., Certified Information Privacy Professional from IAPP (highly desirable),
  • Knowledge and key skills
    • Extensive and demonstrable experience on India & APAC data security, privacy and data protection issues, preferably in a consultancy role.
    • Knowledge on the regulatory landscape of India & APAC and its dynamics. 
    • Proven project management skills with a focus on delivery and results.
    • Commercial and solutions-led approach to data protection compliance.
    • Strong attention to planning, detail and an organised work style.
    • Ability to prioritise, deliver to deadlines and to self-motivate.
    • Demonstrated ability to think and lead on a strategic level in a complex organization.
    • The clear ability to act as an expert on data protection issues.
    • Experience in the implementation of privacy requirements in IT companies and, in particular, technology related corporate functions.
    • Proven expertise and demonstrable knowledge on executing privacy and data protection Impact Assessments.
    • Demonstrable knowledge on ‘privacy by design’ theory.
    • A proactive and flexible approach, with a willingness to travel, as required.
    • Demonstrable ability to liaise and influence at the highest level within internal stakeholders, creating and maintaining effective relationships.
    • Ability to influence key stakeholders and to communicate a compliance view persuasively by telephone, in writing and in person.
    • The ability to regularly update technical expertise to maintain "expert" status.
    • Specialized knowledge of managing operational risk of a complex organization with many different lines of business.
    • Demonstrated knowledge on compliance with the General Data Protection Regulation (GDPR)

Application Submission Information:
Please send your detailed CV to