Global Data Protection Manager

Job Description

Location: Hybrid (PAN India as per operating location)

Department: Enterprise Risk Management (ERM)

Reports to: Global Data Protection Officer (DPO)

General Summary

Virtusa is seeking a highly motivated and experienced Global Data Privacy Manager to lead and support our global data protection and privacy program. This role involves managing and evolving the program to ensure adherence to all global privacy regulations including GDPR CCPA/CPRA PDPA PIPEDA and other data protection laws in Virtusas operating regions. The successful candidate will collaborate cross-functionally with legal IT HR marketing and security teams to support privacy-by-design initiatives evaluate privacy risks and ensure alignment with company strategy.

Essential Duties and Responsibilities

In this role you will work closely with the Legal HR IT Marketing Information Security CISO and other functions to develop and monitor policies and standards applicable to the business and in compliance with the applicable data protection laws. Duties will include:

Strategic Compliance Leadership

• Review and continuously enhance the global data privacy compliance program across all business units and geographies.

• Serve as the internal Subject Matter Expert (SME) on data privacy for global clients during due diligence onboarding audits and compliance reviews.

• Monitor legal and regulatory landscapes across operating regions providing proactive guidance on compliance updates.

Regulatory Expertise & Implementation

• Analyze and interpret complex international privacy laws and regulations including but not limited to: GDPR UK GDPR CPRA PIPEDA PDPA (Singapore Malaysia) DPDP and PIPL.

• Manage requirements for EU/UK cross-border data transfers specifically Standard Contractual Clauses (SCCs) UK IDTA and Transfer Impact Assessments (TIAs).

• Develop and maintain robust privacy policies standards and procedures aligned with all regulatory mandates.

• Ensure adherence to data retention minimization and privacy obligations throughout the entire information lifecycle.

Operational Risk & Assessment Management

• Conduct and maintain various privacy assessments including Privacy Impact Assessments (PIAs) Legitimate Interest Assessments (LIAs) Data Protection Impact Assessments (DPIAs) vendor risk assessments and Records of Processing Activities (RoPA) across departments functions applications and client data operations.

• Collaborate with solutioning technology and delivery teams to embed privacy-by-design principles into new offerings and enhancements.

Breach Management & Security Alignment

• Partner with Information Security teams to ensure alignment on data protection controls encryption standards incident response protocols and breach notification procedures.

• Support incident response teams in the management of privacy breaches including root cause analysis and official reporting.

Stakeholder and Contractual Management

• Respond to Data Subject Access Requests (DSARs) regulatory inquiries and client audits across multiple jurisdictions.

• Review negotiate and provide counsel on privacy-related contractual documents such as Data Protection Addendums (DPAs) SCCs Master Services Agreements (MSAs) and client-specific privacy terms.

• Drive global awareness and training programs across delivery centres to foster a culture of data privacy compliance and accountability.

Key Competencies and Attributes:

• Global Privacy Expertise: Proven capability to interpret and successfully implement multi-jurisdictional privacy laws within practical operational settings and client service delivery frameworks.

• Integrity and Discretion: Possessing a high degree of integrity trustworthiness and professionalism particularly when handling sensitive and confidential information.

• Organizational and Project Leadership: Excellent organizational facilitation and project management abilities essential for driving complex cross-functional privacy initiatives globally.

• Communication Proficiency: Strong written verbal and presentation skills enabling effective communication with diverse audiences including senior leadership clients and both technical and non-technical stakeholders.

• Proactive and Collaborative Mindset: A collaborative and proactive approach characterized by a problem-solving orientation and the resilience to operate effectively amidst ambiguity in a dynamic global environment.

Position Specification

Education:

• Bachelors degree in Law Information Security Cyber or equivalent degree from an accredited institute.

• Advanced degree (MMS MBA LLM) preferred.

• A Data Protection and/or Privacy certification CIPP CIPM CIPT ISO27701 LI is preferred.

Experience:

• 6 years of experience in data protection privacy law compliance and information security

• Proven experience in operationalizing enterprise wide data protection program

• Experience working with multinational large organizations across multiple jurisdictions.

• Familiarity with Privacy Enabling Tools OneTrust TrustArc or any leading GRC platforms.

What we offer:

• Exposure to a broad range of international regulations and high-impact client engagements

• A collaborative inclusive culture committed to ethical data stewardship.

• Competitive compensation remote/flexible work options and continuous learning support