Job Description
Job Statement:
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.
We are looking for a skilled and diligent Data Privacy & Compliance Specialist to join our dedicated Advisory team.
Job Responsibilities:
- Implement and manage compliance programs for major data privacy regulations, specifically GDPR (General Data Protection Regulation) and DPDPA (Digital Personal Data Protection Act - India).
- Conduct Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs) for new projects, systems, and data processing activities.
- Advise on data subject rights requests (e.g., access, rectification, erasure) and ensure timely and compliant responses.
- Lead or support HITRUST CSF (Health Information Trust Alliance Common Security Framework) assessments and certification efforts, including control assessment, evidence collection, and readiness reviews.
- Develop, review, and refine comprehensive data privacy and information security policies, standards, and procedures to ensure alignment with GDPR, DPDPA, HIPAA, HITRUST, and ISO 27001.
- Provide expert guidance and consultation to various business units on data privacy and security best practices.
Job Specifications:
1. Qualification:
- Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
- Certifications – Security+, CIPP/E, CIPP/US, CIPM, CCSFP (good to have, but not mandatory)
2. Experience:
- Total Experience (1): 5-8 years
- Total Experience (2): 2-4 years
Knowledge and Experience:
- Dedicated experience in data privacy, information security compliance, GRC, or IT audit roles.
- Demonstrable practical experience with GDPR principles, implementation, and compliance.
- Strong understanding and practical application experience with HIPAA regulations (Privacy, Security, and Breach Notification Rules).
- Experience with HITRUST CSF assessments, implementation, or ongoing management.
- Proven experience with ISO 27001 implementation, maintenance, or audit support.
- Familiarity or experience with the DPDPA (Digital Personal Data Protection Act - India) is highly desirable, especially for roles based in or dealing with India.
- Good understanding of information security principles and related compliance controls. Ability to articulate the relevance of the security controls.
- Experience in delivery of Information Security risk and compliance advisory services
- Experience in management consulting and information security audits
- Comfortable working in a project-based, client-serving model
Personal Attributes
- Self-starter and quick learner requiring minimal ramp-up
- Excellent written, oral, and interpersonal communication skills
- Highly self-motivated, self-directed, and attentive to detail
- Ability to effectively prioritize and execute tasks in a high-pressure environment