Manager-Infosec

Area(s) of responsibility

Information Security & Privacy Governance

• Manage and continuously improve the Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
• Ensure compliance with ISO 27001:2022, ISO/IEC 27701:2019, and applicable privacy regulations (GDPR, local privacy laws, client‑specific requirements)
• Drive security and privacy governance across corporate functions and client delivery projects

Audit & Assurance Management

• Plan and manage internal audits, surveillance audits, and certification audits for ISO 27001 and ISO 27701
• Act as audit lead and primary point of contact for external auditors and client auditors
• Review audit evidence, validate findings, and ensure timely closure of non‑conformities

Client Audit & Compliance Support

• Support client‑led audits, security assessments, and due‑diligence activities
• Handle client security questionnaires, compliance attestations, and assurance requests
• Representing Security and Privacy in client governance forums and reviews

Client Information Security Incident Management

• Act as the primary point of contact for client‑related information security and privacy incidents
• Coordinate incident identification, assessment, containment, investigation, and remediation in line with the organizational Incident Response Plan
• Lead client communication during security incidents, including notifications, updates, and post‑incident reporting
• Ensure timely escalation, root cause analysis (RCA), and corrective / preventive actions (CAPA) for client incidents

MSA / SOW Security & Privacy Review

• Review Master Service Agreements (MSAs), Statements of Work (SOWs), and contractual documents from an Information Security and Privacy perspective
• Identify security, privacy, and compliance risks and propose mitigations aligned with organizational standards

RFP & Business Support

• Contribute to RFP/RFI responses by providing Information Security, Privacy, and Compliance inputs
• Articulate security posture, certifications, controls, and differentiators to prospective clients
• Collaborate with sales, legal, and delivery teams to support business growth initiatives

People & Stakeholder Management

• Mentor and guide team members on audit execution, compliance, and client interactions
• Work closely with Legal, HR, Procurement, IT, Delivery, and Sales teams
• Act as a bridge between business objectives and security / privacy requirements

Continuous Improvement & Awareness

• Identify opportunities to strengthen security and privacy controls, processes, and tooling
• Support security awareness and privacy training initiatives
• Stay current with evolving regulatory, contractual, and industry best practices

 

Skills Required :

• 9–12 years of experience in Information Security, Privacy, Audit, or GRC roles
• Strong hands‑on experience with ISO 27001 & ISO/IEC 27701 audits
• Professional certifications preferred: CISA, CISM, CISSP, ISO 27001/27701 Lead Auditor/Implementer
• Experience working in client‑facing roles within IT services / consulting environments