Data Privacy and Compliance specialist

Job
Statement:

NopalCyber
makes cybersecurity manageable, affordable, reliable, and powerful for
companies that need to be resilient and compliant. Managed extended detection
and response (MXDR), attack surface management (ASM), breach and attack
simulation (BAS), and advisory services fortify your cybersecurity across both
offense and defense. AI -driven intelligence in our Nopal360° platform, our
NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets
anyone quantify, track, and visualize their cybersecurity posture in real -time.
Our service packages, which are each tailored to a client’s needs and budget,
and external threat analysis, which provides critical intelligence at no -cost,
help to democratize cybersecurity by making enterprise -grade defenses and
security operations available to organizations of all sizes. NopalCyber lowers
the barrier to entry while raising the bar for security and service.

We
are looking for a skilled and diligent Data Privacy & Compliance Specialist
to join our dedicated Advisory team.

Job
Responsibilities:

• Implement and manage compliance
  programs for major data privacy regulations, specifically GDPR (General
  Data Protection Regulation) and DPDPA (Digital Personal Data Protection
  Act - India).
  
• Conduct Data Protection Impact
  Assessments (DPIAs) and Privacy Impact Assessments (PIAs) for new
  projects, systems, and data processing activities.
  
• Advise on data subject rights
  requests (e.g., access, rectification, erasure) and ensure timely and
  compliant responses.
  
• Lead or support HITRUST CSF (Health
  Information Trust Alliance Common Security Framework) assessments and
  certification efforts, including control assessment, evidence collection,
  and readiness reviews.
  
• Develop, review, and refine
  comprehensive data privacy and information security policies, standards,
  and procedures to ensure alignment with GDPR, DPDPA, HIPAA, HITRUST, and
  ISO 27001.
  
• Provide expert guidance and
  consultation to various business units on data privacy and security best
  practices.
  

Job
Specifications:

1.
Qualification:

• Bachelor’s degree in Engineering or
  closely related coursework in technology development disciplines
  
• Certifications – Security+, CIPP/E,
  CIPP/US, CIPM, CCSFP (good to have, but not mandatory)
  

2.
Experience:

• Total Experience (1): 5 -8 years
  
• Total Experience (2): 2 -4 years
  

Knowledge
and Experience:

• Dedicated experience in data
  privacy, information security compliance, GRC, or IT audit roles.
  
• Demonstrable practical experience
  with GDPR principles, implementation, and compliance.
  
• Strong understanding and practical
  application experience with HIPAA regulations (Privacy, Security, and
  Breach Notification Rules).
  
• Experience with HITRUST CSF
  assessments, implementation, or ongoing management.
  
• Proven experience with ISO 27001
  implementation, maintenance, or audit support.
  
• Familiarity with or experience with
  the DPDPA (Digital Personal Data Protection Act - India) is highly
  desirable, especially for roles based in or dealing with India.
  
• Good understanding of information
  security principles and related compliance controls. Ability to articulate
  the relevance of the security controls
  
• Experience in delivery of Information
  Security risk and compliance advisory services
  
• Experience in management consulting
  and information security audits
  
• Comfortable working in a project
  based / client serving model
  

Personal
Attributes

• Self -starter and quick learner
  requiring minimal ramp -up
  
• Excellent written, oral, and
  interpersonal communication skills
  
• Highly self -motivated,
  self -directed, and attentive to detail
  
• Ability to effectively prioritize
  and execute tasks in a high -pressure environment