Global Data Privacy Manager
Job Summary:
We are seeking an experienced and highly motivated Global Data Privacy Manager to lead and support our global data protection and privacy program. This role will be responsible for managing and evolving our data privacy program to ensure compliance with global privacy regulations, including GDPR, CCPA/CPRA, PDPA, PIPEDA and other data protection regulations where Virtusa operates. The successful candidate will work cross-functionally with legal, IT, HR, marketing, and security teams to support privacy-by-design initiatives, assess privacy risks, and ensure alignment with company strategy.
Key Responsibilities:
- Lead, manage and continual improvement of the global data privacy compliance program across all geographies and business units.
- Analyse and interpret complex international privacy laws and regulations including:
- GDPR, UK GDPR, CPRA, PIPEDA, PDPA (Singapore, Malaysia), DPDP, PIPL, and other regional frameworks.
- Requirements around EU/UK cross-border data transfers, including Standard Contractual Clauses (SCCs), UK IDTA, and Transfer Impact Assessments (TIAs).
- Act as the subject matter expert on data privacy for global clients during due diligence, onboarding, audits, and compliance reviews.
- Develop and maintain privacy policies, standards, and procedures aligned with regulatory requirements.
- Conduct and maintain privacy impact assessments (PIAs), legitimate interest assessments (LIAs), data protection impact assessments (DPIAs), vendor risk assessments, and Records of Processing Activities (RoPA) for data operations across departments/ functions, applications, and client data processing.
- Collaborate with solutioning, technology, and delivery teams to implement privacy-by-design in new offerings and enhancements.
- Partner with information security teams to align on data protection controls, encryption, incident response, and breach notification protocols.
- Support incident response teams in managing privacy breaches, including root cause analysis and reporting.
- Respond to Data Subject Access Requests (DSARs), client audits, and regulatory inquiries across jurisdictions.
- Review, negotiate, and advise on privacy-related contractual documents including:
- Data Protection Addendums (DPAs), SCCs, Master Services Agreements (MSAs), and client-specific privacy terms.
- Monitor legal and regulatory updates across operating geographies and provide guidance on proactive compliance.
- Drive awareness and training programs across delivery centres to promote a culture of compliance and accountability.
- Ensure compliance with data retention, minimization, and privacy obligations throughout the information lifecycle.
Key Attributes:
- Demonstrated ability to interpret and implement multi-jurisdictional privacy laws in real-world operational and client delivery contexts.
- High level of integrity and trustworthiness; able to handle sensitive information with discretion and professionalism.
- Excellent organizational, facilitation, and project management skills—capable of driving complex, cross-functional privacy initiatives.
- Strong written, verbal, and presentation skills with the ability to communicate effectively across technical and non-technical audiences, including senior leadership and clients.
- Collaborative and proactive mindset with a problem-solving orientation and ability to navigate ambiguity in a dynamic, global environment.
Qualifications:
- 6 – 9 years of hands-on experience in data privacy, working in a global organization
- Master's degree or equivalent in Information Security, Law, or related field.
- Certifications such as CIPP/E, CIPM, CIPT, or ISO/IEC 27701.
- Experience supporting client-facing teams with privacy documentation, RFPs, and service-level negotiations.
- Familiarity with tools such as OneTrust, Trust Arc, or internal GRC platforms.
What We Offer:
· A strategic role at the intersection of privacy, technology, and global service delivery
· Exposure to a broad range of international regulations and high-impact client engagements
· A collaborative, inclusive culture committed to ethical data stewardship.
· Competitive compensation, remote/flexible work options, and continuous learning support
Job Summary:
We are seeking an experienced and highly motivated Global Data Privacy Manager to lead and support our global data protection and privacy program. This role will be responsible for managing and evolving our data privacy program to ensure compliance with global privacy regulations, including GDPR, CCPA/CPRA, PDPA, PIPEDA and other data protection regulations where Virtusa operates. The successful candidate will work cross-functionally with legal, IT, HR, marketing, and security teams to support privacy-by-design initiatives, assess privacy risks, and ensure alignment with company strategy.
Key Responsibilities:
- Lead, manage and continual improvement of the global data privacy compliance program across all geographies and business units.
- Analyse and interpret complex international privacy laws and regulations including:
- GDPR, UK GDPR, CPRA, PIPEDA, PDPA (Singapore, Malaysia), DPDP, PIPL, and other regional frameworks.
- Requirements around EU/UK cross-border data transfers, including Standard Contractual Clauses (SCCs), UK IDTA, and Transfer Impact Assessments (TIAs).
- Act as the subject matter expert on data privacy for global clients during due diligence, onboarding, audits, and compliance reviews.
- Develop and maintain privacy policies, standards, and procedures aligned with regulatory requirements.
- Conduct and maintain privacy impact assessments (PIAs), legitimate interest assessments (LIAs), data protection impact assessments (DPIAs), vendor risk assessments, and Records of Processing Activities (RoPA) for data operations across departments/ functions, applications, and client data processing.
- Collaborate with solutioning, technology, and delivery teams to implement privacy-by-design in new offerings and enhancements.
- Partner with information security teams to align on data protection controls, encryption, incident response, and breach notification protocols.
- Support incident response teams in managing privacy breaches, including root cause analysis and reporting.
- Respond to Data Subject Access Requests (DSARs), client audits, and regulatory inquiries across jurisdictions.
- Review, negotiate, and advise on privacy-related contractual documents including:
- Data Protection Addendums (DPAs), SCCs, Master Services Agreements (MSAs), and client-specific privacy terms.
- Monitor legal and regulatory updates across operating geographies and provide guidance on proactive compliance.
- Drive awareness and training programs across delivery centres to promote a culture of compliance and accountability.
- Ensure compliance with data retention, minimization, and privacy obligations throughout the information lifecycle.
Key Attributes:
- Demonstrated ability to interpret and implement multi-jurisdictional privacy laws in real-world operational and client delivery contexts.
- High level of integrity and trustworthiness; able to handle sensitive information with discretion and professionalism.
- Excellent organizational, facilitation, and project management skills—capable of driving complex, cross-functional privacy initiatives.
- Strong written, verbal, and presentation skills with the ability to communicate effectively across technical and non-technical audiences, including senior leadership and clients.
- Collaborative and proactive mindset with a problem-solving orientation and ability to navigate ambiguity in a dynamic, global environment.
Qualifications:
- 6 – 9 years of hands-on experience in data privacy, working in a global organization
- Master's degree or equivalent in Information Security, Law, or related field.
- Certifications such as CIPP/E, CIPM, CIPT, or ISO/IEC 27701.
- Experience supporting client-facing teams with privacy documentation, RFPs, and service-level negotiations.
- Familiarity with tools such as OneTrust, Trust Arc, or internal GRC platforms.
What We Offer:
· A strategic role at the intersection of privacy, technology, and global service delivery
· Exposure to a broad range of international regulations and high-impact client engagements
· A collaborative, inclusive culture committed to ethical data stewardship.
· Competitive compensation, remote/flexible work options, and continuous learning support.