Information Security & (DPO) - Manager
Job Description
Job Title: Information Security & Data Protection Officer (DPO) Manager
\nLocation: Gurugram
\nExperience: 67 years
\nEmployment Type: Contract
\nAbout the Role
\nWe are seeking a highly skilled and motivated InfoSec/DPO Manager to lead our organizations information security, data protection, and compliance initiatives. The ideal candidate will have 67 years of experience in information security and data privacy, with a strong grounding in IT systems, processes, and infrastructure. This role will be central to ensuring that the companys information assets are secure, compliant with regulatory requirements, and aligned with best industry practices.
\nKey Responsibilities
\nInformation Security Management
\nDevelop, implement, and maintain the organizations information security policies, standards, and procedures.
\nConduct regular risk assessments, vulnerability assessments, and penetration tests to identify and mitigate threats.
\nMonitor security systems, incident reports, and ensure timely resolution of issues.
\nData Protection & Compliance (DPO Role)
\nAct as the Data Protection Officer in compliance with GDPR, DPDP Act (India), and other applicable data protection regulations.
\nEnsure company-wide compliance with data privacy laws, security frameworks (ISO 27001, SOC 2, etc.), and industry best practices.
\nConduct regular audits to ensure adherence to security and privacy obligations.
\nManage data subject requests (DSARs), privacy impact assessments (PIAs), and liaison with regulatory authorities as needed.
\nIT & Security Integration
\nCollaborate with IT teams to implement secure infrastructure, network security, access controls, and endpoint protection.
\nProvide guidance on secure system design, cloud security, and data lifecycle management.
\nLead investigations of IT-related security incidents, breaches, and root cause analysis.
\nGovernance, Risk & Training
\nMaintain and track compliance with security and privacy KPIs.
\nDevelop awareness programs and training for employees on cybersecurity and data protection.
\nLead internal and external audits on InfoSec and data protection.
\nQualifications & Skills
\nBachelors degree in Computer Science, Information Technology, Cybersecurity, or related field. (Masters preferred)
\n67 years of relevant experience in information security, data protection, and IT security operations.
\nStrong knowledge of GDPR, DPDP Act, HIPAA, and other global privacy laws/regulations.
\nExperience with ISO 27001, SOC 2, NIST, CIS Controls, PCI DSS frameworks.
\nHands-on IT security expertise (firewalls, intrusion detection/prevention, cloud security, identity & access management).
\nCertifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, CEH, or CIPM/CIPP are highly desirable.
\nStrong analytical, communication, and stakeholder management skills.
\nWhat We Offer
\nOpportunity to lead InfoSec and Data Protection strategy for a growing organization.
\nExposure to international compliance frameworks and cutting-edge security practices.
\nA collaborative, inclusive, and technology-driven work environment.