About Us
SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for a seamless payment experience and rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.
SBI Card is proud to be an equal opportunity & inclusive employer and welcomes employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect, which makes it a promising place to work.
Join us to shape the future of digital payment in India and unlock your full potential.
What’s in it for YOU
- SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
- Admirable work deserves to be rewarded! We have a well curated bouquet of rewards and recognition program for the employees
- Dynamic, Inclusive and Diverse team culture
- Gender Neutral Policy
- Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
- Commitment to overall development of an employee through comprehensive learning & development framework
Role Purpose
The Role leads enterprise‑wide data privacy governance and ensures compliance with the Digital Personal Data Protection (DPDP) Act across infrastructure and applications. Responsibilities include enforcing and implementing privacy policies, facilitating risk and impact assessments, overseeing consent and data lifecycle management, and embedding security controls for data collection, storage, and processing. The role drives regulatory readiness, coordinates with Infosec, Legal, Compliance, and Business teams, and fosters a privacy‑first culture to safeguard customer trust and organizational resilience.
Role Accountability
- DPDP Act Risk & Governance
  - Interpret and implement requirements of the Digital Personal Data Protection (DPDP) Act across infrastructure and applications.
  - Enforce data privacy policies, standards, and procedures aligned with regulatory expectations.
  - Establish governance frameworks for data collection, processing, storage, sharing, and deletion.
  - Ensure consent management mechanisms are embedded into applications and customer journeys.
- Policy Development & Implementation
  - Ensure data residency encryption, anonymization, and pseudonymization controls for sensitive data.
  - Embed “privacy by design” principles into new projects, systems, and processes.
  - Validate secure configurations for APIs, databases, and applications handling personal data.
  - Oversee data retention and deletion policies, key management controls ensuring compliance with DPDP timelines.
- Data Lifecycle & Risk Management
  - Facilitate and assist Privacy Impact Assessments (PIAs) for new applications, infrastructure changes, and digital initiatives.
  - Oversee data lifecycle management across infra and apps, ensuring lawful and secure handling of personal data.
  - Oversee requests for access, correction, deletion, or portability of personal data.
  - Define and monitor Key Risk Indicators (KRIs) for privacy and data protection.
- Audit & Monitoring
  - Establish continuous monitoring of privacy controls across infra and apps.
  - Maintain artefacts and evidence for regulatory submissions and compliance reporting.
  - Coordinate internal audits, external assessments, and regulatory inspections related to data privacy.
  - Track compliance metrics and report findings to senior management.
- Project & Stakeholder Governance
  - Act as technical SPOC for business, risk, legal, security, and compliance teams
  - Present DPDPA project status, risks, and metrics to senior leadership and steering committees
  - Ensure Model governance and risk assessment reports and Executive dashboards on AI performance, risk, and value realization
  - Drive risk registers, issue tracking, and decision logs
  - Support regulatory, internal audit, and client assessments
- Team Leadership & Capability Building
  - Mentor AI engineers, data scientists, and platform teams
  - Define coding standards, architecture patterns, and best practices
  - Build AI capability roadmaps and upskill teams on emerging technologies
  - Promote responsible AI culture across delivery teams
Measures of Success
- Personal Data & Lifecycle Control: Review the data inventory and data flow mapping, Data retention and deletion, Reduction in unnecessary personal data collection and storage.
- Governance and Policy Effectiveness: Completion rate of AI risk assessments, Low Audit Observations related to AI reduced YoY.
- Regulatory and Compliance Readiness: Timely adoption of DPDPA rules, notifications and amendments.
- Security and Data Protection: Effective consent management mechanisms implemented enterprise-wide, Implementation of privacy notices.
- Risk Management & Impact Assessments: DPIAs, Data Protection risk maintenance, Data Breach Response Framework, DP drills, Third-Party & Ecosystem data Governance, Integration with Digital, Cloud & AI Initiatives, Awareness Training & Cultural Adoption.
Technical Skills / Experience / Certifications
- In-depth understanding of DPDPA 2023, including consent management, notice requirements, data fiduciary obligations, significant data fiduciary criteria, DPIA, breach reporting. Strong working knowledge of global privacy frameworks: GDPR, CCPA/CPRA, HIPAA, PCI DSS, ISO 27701, ISO 27001.
- Designing and implementing enterprise-wide privacy governance structures, RACI and operating models. Privacy Risk Management and governance. Practical experience embedding privacy into: SDLC, Privacy by Design.
Competencies critical to the role
- DP Governance & Risk Leadership
- Regulatory, Legal & Ethical judgement
- Executive Decision-Making & Accountability
- Cross-Functional Influence & Collaboration
- Communication & Board-Level Articulation
- Program & Operating Model Execution
- Incident Crisis Management
Qualification
- B. Tech/ B.E. in one of the following: Computer Science / Information Technology, AI, Data Science
- Certifications: CIPP, CIPM, CDPSE, ISO27001, CIPT
- Master's Degree (Preferred): MBA (Technology / Risk / Strategy / Information Systems)
- MS / M Tech in AI, Data Science, Computer Science, or Cyber Security.
Preferred Industry
IT, BFSI, Financial Institutions, Computer Science, Electronics