Data Privacy Analyst at Weekday AI

Hyderabad, Telangana, India -

Full Time

Start Date

Immediate

Expiry Date

10 Aug, 26

Salary

0.0

Posted On

12 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

ISO 27001, GRC, GDPR, PDPA, SOC 2, Singapore MAS, Risk Assessment, Third-Party Risk Management, Privacy Impact Assessments, Data Mapping, DSAR, Internal Auditing, AWS, Sprinto, CISA, CISM

Industry

technology;Information and Internet

Description

This role is for one of the Weekday's clients Min Experience: 4 years Location: Telangana JobType: full-time We are looking for a detail-focused GRC & Data Privacy Analyst to become a member of our security team. In this position, you will oversee the upkeep of our integrated risk management framework and play a key role in executing and auditing our data privacy program. You will ensure that our operations comply with international regulations (such as GDPR, PDPA, etc.) while identifying and addressing risks throughout the organization. Key ResponsibilitiesGovernance & Risk Management Framework Alignment: Oversee and enhance the organization’s security framework, including standards such as ISO 27001, SOC 2, and Singapore MAS. Risk Assessments: Perform annual and project-specific risk assessments; maintain the Corporate Risk Register and monitor remediation activities. Policy Management: Create, review, and update internal security policies and standards to ensure they accurately represent current business practices. Third-Party Risk Management (TPRM): Assess the security posture of vendors and partners through thorough assessments and due diligence processes. Data Privacy Implementation Privacy Impact Assessments (PIAs/DPIAs): Lead evaluations of new products or processes to ensure "Privacy by Design" is embedded within the development lifecycle. Data Mapping: Maintain detailed records of processing activities (ROPA) and create data flow diagrams. Privacy Operations: Oversee the Data Subject Access Request (DSAR) process and manage responses to privacy-related inquiries. Compliance Monitoring: Keep track of global privacy law changes and translate these into actionable technical or procedural requirements for IT and Product teams. Compliance & Auditing Internal Audits: Conduct regular control testing to confirm ongoing adherence to internal policies and external regulations. External Audit Liaison: Act as the main contact for external auditors throughout certification cycles. Awareness Training: Design and deliver training programs on security best practices and data handling protocols for all employees. Required Qualifications Experience: 4 to 6 years in GRC, Information Security, or IT Audit, with a minimum of 1 to 2 years focused specifically on Data Privacy. Certifications (Preferred): CISA, CRISC, or CISM. Technical Skills: Proficiency with GRC tools like Sprinto and a strong understanding of cloud security platforms such as AWS. Regulatory Knowledge: Comprehensive knowledge of GDPR, PDPA, and standards including ISO 27001, SOC 2, and Singapore MAS. Soft Skills for Success The "Translator" Ability: Skilled at interpreting complex legal requirements for developers and conveying technical risks to executives. Analytical Rigor: Detail-oriented with a passion for documentation and a "trust but verify" approach. Adaptability: Comfortable operating within the uncertainties of evolving privacy legislation. Must-have skills ISO 27001 GRC Good-to-have skills Information Security General Data Protection Regulation - GDPR

Responsibilities

Oversee the integrated risk management framework and execute the organization's data privacy program. Ensure compliance with international regulations like GDPR and PDPA while managing risk assessments and third-party security postures.