GRC & GDPR Lead

GRC & GDPR Lead (8–10 Years) — JDExperienced compliance and privacy leader responsible for managing the full GRC program and ensuring GDPR compliance across the organization. Leads risk assessments, policy governance, privacy operations, audits, and regulatory readiness while advising leadership on data protection risks and cross-border processing.Core Responsibilities- Lead end-to-end GRC framework: enterprise risks, control design, governance, compliance reporting. - Drive GDPR implementation: ROPA, DSAR, DPIA, consent, vendor DPAs, breach response. - Build and maintain compliance alignment with ISO 27001, ISO 27701, SOC2, DPDP Act. - Conduct internal audits, control testing, gap assessments, and remediation tracking. - Embed privacy-by-design and security-by-design into projects and IT systems. - Manage training and awareness on GRC, GDPR, and data protection practices. - Partner with legal, IT, security, and global teams to ensure end-to-end compliance.Skills & Certifications- Strong expertise in GDPR, GRC frameworks, risk management, SOC2, and ISO standards. - Experience with GRC/Privacy tools (ServiceNow, Archer, OneTrust, Riskonnect). - Excellent documentation, regulatory interpretation, and stakeholder management. - Preferred: CIPP/E, CIPM, ISO 27001 LA, ISO 27701 LI, CRISC.

Apply Now