GRC & GDPR Lead

GRC & GDPR Lead (8–10 Years) — JD

Experienced compliance and privacy leader responsible for managing the full GRC program and ensuring GDPR compliance across the organization. Leads risk assessments, policy governance, privacy operations, audits, and regulatory readiness while advising leadership on data protection risks and cross-border processing.

Core Responsibilities

• Lead end-to-end GRC framework: enterprise risks, control design, governance, compliance reporting.
• Drive GDPR implementation: ROPA, DSAR, DPIA, consent, vendor DPAs, breach response.
• Build and maintain compliance alignment with ISO 27001, ISO 27701, SOC2, DPDP Act.
• Conduct internal audits, control testing, gap assessments, and remediation tracking.
• Embed privacy-by-design and security-by-design into projects and IT systems.
• Manage training and awareness on GRC, GDPR, and data protection practices.
• Partner with legal, IT, security, and ...