Associate Director Privacy & GRC

Join Tsaaro as an Associate Director – Privacy & GRC

Lead with Expertise. Drive Transformation. Shape Global Privacy & Governance.

Are you a seasoned privacy, security, and governance professional looking to elevate your leadership journey and take on high -impact responsibilities?

At Tsaaro, we don’t just deliver compliance — we redefine how organizations implement privacy, information security, and governance frameworks at scale.

We’re growing rapidly and are looking for an Associate Director – Privacy & GRC who thrives in dynamic environments, understands complex regulatory ecosystems, and has a proven track record of managing and executing large -scale privacy and governance programs for clients.

About Tsaaro

At Tsaaro, privacy and security are not side functions — they are our core. Our team includes dedicated privacy consultants, GRC specialists, and cybersecurity experts, all collaborating to empower organizations with tailored, effective, and scalable solutions.

We bring a practical, risk -based consulting approach, offering clients actionable insights and hands -on support to help them manage privacy risks, demonstrate compliance, and strengthen their governance and security posture.

Your Role: Associate Director – Privacy & GRC

As an Associate Director, you will support strategic advisory functions, lead key client engagements, and manage delivery across privacy governance, risk management, and compliance frameworks.

Key Responsibilities:

• Lead and oversee privacy, GRC, and data protection programs tailored to client needs.
  

• Assess clients’ privacy, governance, and security controls, identifying gaps and contributing to transformation roadmaps.
  

• Manage advanced privacy assessments including gap assessments, DPIAs, PIAs, RoPA, internal audits, and risk assessments.
  

• Provide advisory on GDPR, CCPA, DPDP Act, PDPL, and other global regulations.
  

• Develop and review privacy policies, governance frameworks, and compliance documentation.
  

• Contribute to the implementation of ISO 27001, ISO 27701, NIST, SOC 2, and related frameworks.
  

• Support incident response planning, breach readiness, and Data Subject Rights programs.
  

• Conduct and review third -party risk assessments and audit readiness initiatives.
  

• Work with senior client stakeholders (CISO, DPO, CTO, Legal, Compliance) to deliver effective privacy and GRC solutions.
  

• Lead cybersecurity -aligned GRC activities including policy creation, internal audit programs, and governance structure
  

•  7+ years of hands -on experience in privacy, data protection, cybersecurity, or GRC consulting.^​
  
• Strong understanding of international privacy laws including GDPR, CCPA/CPRA, DPDP Act, PDPL, and global frameworks.^​
  
• Solid grasp of ISO 27001, ISO 27701, NIST CSF, SOC 2, and other governance/control frameworks.^​
  
• Experience managing enterprise -level privacy programs, GRC initiatives, ISMS/PIMS implementations, and audits.^​
  
• Familiarity with privacy and GRC tools (e.g., Securiti.ai, OneTrust, BigID).^​
  
• Certifications such as CIPP/E, CIPM, CIPT, ISO 27001 LA/LI (preferred).^​
  
• Excellent communication skills, leadership capability, and strong stakeholder management^​.
  
• A mindset that is strategic, solution -oriented, collaborative, and impact -driven.^​​