Data Protection Officer

About AstraZeneca

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world’s most serious diseases. But we’re more than one of the world’s leading pharmaceutical companies.

Data Protection Officer

The Data Protection Officer in India should meet global privacy expectations while addressing India’s specific regulatory

landscape, notably the Digital Personal Data Protection Act, 2023 (DPDP Act) and DPDP Rules, sectoral regulations, and

cross-border operations, including working knowledge of GDPR. The Data Protection Officer combines legal, technical, and

governance expertise to design, implement, and oversee privacy programs.

The role reports to the Area Compliance Director Asia Area.

Typical Accountabilities

• Function as the company’s Data Protection Officer

• Practical understanding of the DPDP Act, 2023 and applicable DPDP Rules

•  Ability to interpret and apply obligations of Data Fiduciaries and Significant Data Fiduciaries

• Hands-on experience with DPDP-aligned operational artefacts (DFDs, processing inventories, consent records, purpose

• mapping)

• Strong understanding of the personal data lifecycle under DPDP (collection, use, storage, sharing, retention, erasure)

• Experience handling cross-border transfer of personal data in line with DPDP requirements

• Ability to translate DPDP compliance requirements into clear, business-focused guidance

•  Working understanding of “reasonable security safeguards” and organisational controls under DPDP

•  Experience managing data processors and vendors in line with DPDP obligations

•  Capability to assess, document, and manage personal data breaches and notifications under DPDP

• Independent judgment to advise management and identify DPDP compliance risks

•  Ability to design, implement, and scale DPDP governance frameworks across the organisation

•  Work closely with the Compliance Manager and ensure that robust governance, processes and systems are in place

• Maintain professional & effective collaboration with Assurance Partners to ensure a high level of assurance

• Share privacy activities with management and assure adequate improvement and follow up on identified gaps, corrective and disciplinary actions

• Work with Compliance Manager to ensure robust Local Compliance Committee (LCC) functioning

• Ensure MC Privacy policies, procedures and standards are up to date, aligned with global standards, accessible and fully implemented, with appropriate and trained policy, process and/or SOP owners

• Ensure local privacy risks are effectively assessed, managed, and coordinated with defined local risk owners

•  Provide advice to and consulting on effective implementation and maintenance of 1st line monitoring activities

• Cascade, adopt and deliver regular privacy training and awareness campaigns through periodic communications and ensure the company tracks completeness of training (incl third parties and new starters).

Education, Qualifications, Skills and Experience

Essential

• Degree: Bachelor’s in law, information systems, computer science, Engineering, data science, cybersecurity

• Certifications: IAPP CIPP (Asia), CIPM, CIPT; security/governance certs like ISO/IEC DCPP (Data Protection Practitioner) would be advantageous

• Regulatory familiarity (India-specific): Deep knowledge of the DPDP Act 2023 and subordinate rules/notifications, CERT-In incident reporting directions, IT Act & SPDI Rules (legacy) where relevant during transition, and sectoral norms (e.g., RBI, IRDAI, SEBI, TRAI, MeitY guidelines).

• Experience: 3 to 5 years of experience focusing on data privacy, legal, or IT risk management.

• Technical Familiarity: Understanding of encryption, data masking, and anonymization techniques.

Desirable

• Experience from working in compliance

• Good persuasion skills and the ability to persuade stakeholders to adopt  privacy-first approaches

• Demonstrable management skills and experience

• Good communication skills to enforce data minimisation strategies and other core privacy requirements

• Experience in different business cultures due to cross country interactions in the role

Key Relationships to reach solutions (Internal to AZ Teams)

· Global Privacy Specialist functions

· Global Compliance teams

· Area Leadership Team

· IT, Legal, Market Access

· Finance

· Medical

· HR

· Risk and Audit

External to AZ

  . Third party vendors

 · Pharma associations – Privacy Committees

· Regulatory bodies and the Privacy Board

· External Privacy networks in similarly regulated sectors

· Privacy counterparts at Strategic Alliance partners or during BD projects

 · Data Protection/Privacy officers

Why AstraZeneca?

At AstraZeneca we’re dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your entrepreneurial spirit. There’s no better place to make a difference to medicine, patients and society. An inclusive culture that champions diversity and collaboration, and always committed to lifelong learning, growth and development. We’re on an exciting journey to pioneer the future of healthcare.

Date Posted

24-Feb-2026

Closing Date

20-Mar-2026

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.