Contributes to the development of policies, standards and guidelines related to personal data regulations and information security.
Ensures controls are implemented in line with the approved security policies.
Maintains an inventory of all information assets affecting personal data.
Identifies security and privacy risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.
Coordinates and works with the IT teams to communicate and mitigate security risks.
Adopts the governance framework to manage process, technical risks, and compliance of implemented security controls.
Ensures key security controls are verified for compliance and that deviations are communicated and coordinated to closure.
Conducts regular technical compliance assessments to verify the effectiveness of implemented security controls.
Should manage governance and compliance related projects.
Should coordinate with the relevant IT teams and the audit team to manage regular local audits.
Requirements
Have at least 5 years' experience in the information security domain.
Should have knowledge of information security standards (ISO 27001, NIST) and personal data regulations and standards (GDPR, ISO 27018, etc.).
Have experience in drafting policies and procedures.
Should have worked on implementing personal data regulations and managing the same.
Ability to create and analyse metrics to identify trends, gaps and issues.
Have experience in managing end-to-end security audits.
Have experience with the information security risk management cycle.
Understanding of project management and having been part of project implementations.
Should have skills in managing implementation projects on governance and personal data regulations.
Good communication and problem-solving skills, and a team player.
Preferred Certifications
ISO 27001 Lead Auditor / CISA
Certification in management of personal data (ISO 27018 / GDPR certification / CDPSE / product-related certification)