Associate Consultant-Information Security

Ernst & Young LLP - Bangalore, India
Full Time
Banking, Financial Services and Insurance
CIPM Information Security Security

JD – Privacy – Associate Consultant / Consultant


Academic qualification: Bachelor’s degree or demonstration of relevant industry experience
1 – 6 years of experience in Information Security / Risk Management
Certifications: should have one or more of CIPM, DCPP, CIPT, CIPP

Within this role you will be responsible for supporting and implementing all aspects of the global data protection compliance strategy as well as India’s Personal Data Protection Bill (PDPB). You will be performing Privacy Impact Assessments and gap assessments for leading banks and other financial institutions. You will also be responsible for helping our clients develop privacy policies and procedures to meet various regulatory obligations under GDPR and PDPB.


Inform and advise the client on the General Data Protection Regulation (GDPR) and India’s Personal Data Protection Bill (PDPB) and their requirements, liaising with local support as required. Serve as a subject matter expert, and develop and implement a robust compliance plan.
Perform detailed review of data privacy policies and procedures to identify gaps and enhancements. Develop new privacy policies and procedures.
Partner with all key business areas of the client, in particular the IT Security team, to ensure data privacy issues are considered at the outset of new projects, products and initiatives
Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to Data Privacy
Perform information privacy risk assessments, mitigation and remediation.

Perform Privacy Impact Assessments in accordance with GDPR and PDPB regulations
Perform gap-focused compliance assessments to identify gaps against PDPB and GDPR regulations.
Review the privacy by design implementation for processes and applications
Prepare data classification policies, procedures and frameworks
Provide recommendations for mitigation of identified gaps and risks
Escalate any issues in a timely manner to your Team Lead or Subject Matter expert
Work collaboratively and communicate persuasively, emphasizing teamwork, diversity, and knowledge-sharing
Maintain transparent communication channels with all relevant stakeholders and promptly respond to requests from stakeholders in relation to risk management actions, tasks and quality of outputs



Prior audit and implementation experience, ideally within the context of Privacy regulations like GDPR and PDPB
Demonstrate deep knowledge of data privacy, data handling and data classification.
Demonstrate experience of managing data privacy issues in a global organisation, preferably a financial institution
Expertise in global and European data protection laws and practices and an in-depth understanding of the GDPR as well as India’s Personal Data Protection Bill (PDPB)
Capable of conducting data privacy compliance reviews and audits.
Prior experience in conducting Privacy Impact Assessments
A good understanding and experience of the lines of business within a bank.
Prior experience in reviewing and drafting of Privacy Policies and Procedures for a financial institution or at a regulatory agency or major consulting firm would be desirable
Demonstrable examples of teamwork and collaboration with internal and external customers
Attention to detail and proactive awareness of internal and external policies
Have excellent communication, coaching and influencing skills with peers, subordinates and clients
A good understanding of the regulatory environment within the region and knowledge of regulatory compliance requirements with experience in regulatory and compliance audits
Excellent written and oral communication skills, e.g. presentations to the client’s top management and report writing
Proficiency with Microsoft Office tools