Associate Director – Privacy & GRC

Join Tsaaro as an Associate Director – Privacy & GRC

Lead with Expertise. Drive Transformation. Shape Global Privacy & Governance.

Are you a seasoned privacy, security, and governance professional looking to elevate your leadership journey and take on high-impact responsibilities?

At Tsaaro, we don’t just deliver compliance — we redefine how organizations implement privacy, information security, and governance frameworks at scale.

We’re growing rapidly and are looking for an Associate Director – Privacy & GRC who thrives in dynamic environments, understands complex regulatory ecosystems, and has a proven track record of managing and executing large-scale privacy and governance programs for clients.

About Tsaaro

At Tsaaro, privacy and security are not side functions — they are our core. Our team includes dedicated privacy consultants, GRC specialists, and cybersecurity experts, all collaborating to empower organizations with tailored, effective, and scalable solutions.

We bring a practical, risk-based consulting approach, offering clients actionable insights and hands-on support to help them manage privacy risks, demonstrate compliance, and strengthen their governance and security posture.

Your Role: Associate Director – Privacy & GRC

As an Associate Director, you will support strategic advisory functions, lead key client engagements, and manage delivery across privacy governance, risk management, and compliance frameworks.

Key Responsibilities:

• 
  Lead and oversee privacy, GRC, and data protection programs tailored to client needs.

• 
  Assess clients’ privacy, governance, and security controls, identifying gaps and contributing to transformation roadmaps.

• 
  Manage advanced privacy assessments including gap assessments, DPIAs, PIAs, RoPA, internal audits, and risk assessments.

• 
  Provide advisory on GDPR, CCPA, DPDP Act, PDPL, and other global regulations.

• 
  Develop and review privacy policies, governance frameworks, and compliance documentation.

• 
  Contribute to the implementation of ISO 27001, ISO 27701, NIST, SOC 2, and related frameworks.

• 
  Support incident response planning, breach readiness, and Data Subject Rights programs.

• 
  Conduct and review third-party risk assessments and audit readiness initiatives.

• 
  Work with senior client stakeholders (CISO, DPO, CTO, Legal, Compliance) to deliver effective privacy and GRC solutions.

• 
  Lead cybersecurity-aligned GRC activities including policy creation, internal audit programs, and governance structure

• 7+ years of hands-on experience in privacy, data protection, cybersecurity, or GRC consulting.
  
• Strong understanding of international privacy laws including GDPR, CCPA/CPRA, DPDP Act, PDPL, and global frameworks.
  
• Solid grasp of ISO 27001, ISO 27701, NIST CSF, SOC 2, and other governance/control frameworks.
  
• Experience managing enterprise-level privacy programs, GRC initiatives, ISMS/PIMS implementations, and audits.
  
• Familiarity with privacy and GRC tools (e.g., Securiti.ai, OneTrust, BigID).
  
• Certifications such as CIPP/E, CIPM, CIPT, ISO 27001 LA/LI (preferred).
  
• Excellent communication skills, leadership capability, and strong stakeholder management.
  
A mindset that is strategic, solution-oriented, collaborative, and impact-driven.

•