Assistant Vice President - Sales Compliance and Data Security

Assistant Vice President - Sales Compliance DPDP Data Security

About Us

SBI Card is a leading pure-play credit card issuer in India, offering a wide range of credit cards to cater to diverse customer needs. We are constantly innovating to meet the evolving financial needs of our customers, empowering them with digital currency for seamless payment experience and indulge in rewarding benefits. At SBI Card, the motto 'Make Life Simple' inspires every initiative, ensuring that customer convenience is at the forefront of all that we do. We are committed to building an environment where people can thrive and create a better future for everyone.

SBI Card is proud to be an equal opportunity & inclusive employer and welcome employees without any discrimination on the grounds of race, color, gender, religion, creed, disability, sexual orientation, gender identity, marital status, caste etc. SBI Card is committed to fostering an inclusive and diverse workplace where all employees are treated equally with dignity and respect which makes it a promising place to work.

Join us to shape the future of digital payment in India and unlock your full potential.

What’s in it for YOU

1. SBI Card truly lives by the work-life balance philosophy. We offer a robust wellness and wellbeing program to support mental and physical health of our employees
2. Admirable work deserves to be rewarded! We have a well curated bouquet of rewards and recognition program for the employees
3. Dynamic, Inclusive and Diverse team culture 
4. Gender Neutral Policy
5. Inclusive Health Benefits for all - Medical Insurance, Personal Accidental, Group Term Life Insurance and Annual Health Checkup, Dental and OPD benefits
6. Commitment to overall development of an employee through comprehensive learning & development framework

Role Purpose 

The purpose of a Sales Compliance and Data Security role is to strategically align sales growth with a robust security posture, ensuring strict adherence to the stringent regulatory frameworks set by the Reserve Bank of India (RBI) and the Digital Personal Data Protection Act (DPDPA), 2023. This role serves as a crucial intermediary, building customer trust and mitigating significant financial and reputational risks associated with data breaches and non-compliance.

Role Accountability 

1. Regulatory Adherence: Ensure all sales processes involving customer data comply with Indian laws and guidelines, including the DPDPA, RBI's Master Directions on IT Governance, and data localization norms.
2. Risk Management: Identify, assess, and mitigate information security risks in sales technology systems (like CRM platforms) to protect sensitive personal and financial data from unauthorized access or misuse.
3. Business Enablement: Support the sales team by clearly articulating the bank's security controls to prospective clients, managing Security Questionnaires (ISQs), and reviewing security-related clauses in vendor and client contracts.
4. Trust Building: Foster customer confidence and maintain the bank's reputation by demonstrating a commitment to secure and ethical data handling practices, a critical competitive advantage in the financial sector
5. Scale for Future Growth: With roadmap including API-first architecture, new Partner integrations, Automation/AI in Sales. A strategic leader is essential to future-proof the platform.
6. Leadership Bandwidth & Succession: Adding this role Builds leadership bench at AVP level, Improves decision velocity, Provides succession coverage for critical platforms.
7. Policy Translation: Interpret complex global regulations (e.g., DPDPA 2023 in India, SOC 2) and translate them into user-friendly technical specifications for engineering teams.

Measures of Success 

1. Responsible for All Data security related aspect for Sales platform
2. Responsible for end to end delivery of projects.
3. Manage vendor for quality program delivery.
4. Project Cost Management 
5. Post Go live Production defects

Technical Skills / Experience / Certifications

1. Strong business analysis skills and experience, including development of business vision and strategies, functional decomposition, requirements capture, process modelling.
2. Experience of software development methodologies and structured approaches to system development. 
3. Awareness of systems management and operational support tools, Security and infrastructure experience.
4. Prior Applicatio development enviorment experince. Preferably in Java Ecosystem (Java, Spring, Angular JS, Microservices etc).
5. Work experience in Relational Database concempt. Preferably Oracle DB with mediuam to high SQL skills.
6. Good understanding of web/App server setup (Apache, Weblogic etc)
7. Exposure on Performance management tools will be an added advantage
8. Vendor Management

Competencies critical to the role

1. Digital Personal Data Protection (DPDP) Act Compliance: High proficiency in operationalizing the DPDP Act (2023) and Rules (2025). This includes:
2. Data Breach Accountability: Managing mandatory 72-hour reporting to the Data Protection Board (DPB).
3. Data Principal Rights: Designing systems that facilitate user requests for data access, correction, and erasure within the mandated 90-day window.
4. Privacy-by-Design: Embedding data minimization and purpose limitation into the Software Development Lifecycle (SDLC).
5. Regulatory Liaison: Interpreting and implementing sector-specific guidelines from RBI (for banking/fintech) and SEBI, alongside CERT-In reporting requirements. 
6. AI-Driven Threat Detection & Defense: Proficiency in building "AI defenders"—autonomous systems that hunt, analyze, and remediate threats in real-time. This includes auditing AI supply chains for "Shadow AI" and mitigating risks like model poisoning or backdoors.
7. Zero Trust Architecture (ZTA): Moving beyond traditional perimeters to implement "assume breach" models using micro-segmentation, continuous identity verification, and least-privilege access.
8. Advanced Threat Hunting: Proactive use of SIEM/SOAR/XDR tools (e.g., Microsoft Sentinel, Splunk, CrowdStrike Falcon) to detect sophisticated, multi-stage attacks before they cause damage.
9. Identity Threat Engineering: Detecting synthetic identities and AI-generated personas used by attackers to escalate privileges and bypass dynamic verification.

Qualification 

Graduate/Post Graduate in Computer Science/Electronics

Preferred Industry

BFSI

Experience Level

Executive Level