About Birlasoft:
Birlasoft is a global technology company enabling next-generation digital transformation through expertise in Cloud, AI, Data, and enterprise solutions. Combining industry proficiency with advanced digital capabilities, it helps businesses accelerate change with speed, scale, and purpose, delivering future-ready solutions that enhance agility, resilience, and customer experience. Part of the CKA Birla Group and led by Chairman Mrs. Amita Birla, Birlasoft's nearly 12,000 professionals drive innovation while building a diverse, inclusive, and learning-oriented culture. With a strong focus on sustainability and long-term value creation, Birlasoft transforms enterprises and communities, earning its reputation as a trusted partner and one of the best places to work.
About the Job:
The Manager Information Security, Privacy & Audit is responsible for leading information security and privacy assurance activities across the organization and client engagements. The role includes managing ISO 27001:2022 and ISO/IEC 27701:2019 audits, internal and external assessments, client governance, contract (MSA/SOW) security reviews, and active participation in RFP responses. The position serves as a trusted advisor to internal stakeholders and clients, ensuring a strong compliance posture, risk mitigation, and value-driven security governance.
Role: Manager Information Security
Location: Noida / Pune
Educational Qualification: Bachelor's degree in science, Law, or related field
Experience: 9-12 Years
Role & responsibilities:
Information Security & Privacy Governance
- Manage and continuously improve the Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
- Ensure compliance with ISO 27001:2022, ISO/IEC 27701:2019, and applicable privacy regulations (GDPR, local privacy laws, client-specific requirements)
- Drive security and privacy governance across corporate functions and client delivery projects
- Oversee risk assessments, privacy impact assessments (PIAs/DPIAs), and control effectiveness reviews
Audit & Assurance Management
- Plan and manage internal audits, surveillance audits, and certification audits for ISO 27001 and ISO 27701
- Act as audit lead and primary point of contact for external auditors and client auditors
- Review audit evidence, validate findings, and ensure timely closure of nonconformities
- Track audit actions, corrective actions, and continuous improvement initiatives.
Client Audit & Compliance Support
- Support client-led audits, security assessments, and due-diligence activities
- Handle client security questionnaires, compliance attestations, and assurance requests
- Represent Security and Privacy in client governance forums and reviews
- Build strong client relationships through proactive communication and risk transparency
Client Information Security Incident Management
- Act as the primary point of contact for client-related information security and privacy incidents
- Coordinate incident identification, assessment, containment, investigation, and remediation in line with the organizational Incident Response Plan
- Lead client communication during security incidents, including notifications, updates, and post-incident reporting
- Ensure timely escalation, root cause analysis (RCA), and corrective / preventive actions (CAPA) for client incidents
- Support regulatory and contractual breach notification obligations in collaboration with Legal, Privacy, and Compliance teams
- Participate in incident reviews, lessons-learned exercises, and continuous improvement initiatives
- Maintain incident records, metrics, and evidence to support audits, client reviews, and compliance requirements
MSA / SOW Security & Privacy Review
- Review Master Service Agreements (MSAs), Statements of Work (SOWs), and contractual documents from an Information Security and Privacy perspective
- Identify security, privacy, and compliance risks and propose mitigations aligned with organizational standards
- Ensure contractual commitments are aligned with internal policies, certifications, and delivery capabilities
RFP & Business Support
- Contribute to RFP/RFI responses by providing Information Security, Privacy, and Compliance inputs
- Articulate security posture, certifications, controls, and differentiators to prospective clients
- Collaborate with sales, legal, and delivery teams to support business growth initiatives
People & Stakeholder Management
- Mentor and guide team members on audit execution, compliance, and client interactions
- Work closely with Legal, HR, Procurement, IT, Delivery, and Sales teams
- Act as a bridge between business objectives and security / privacy requirements
Continuous Improvement & Awareness
- Identify opportunities to strengthen security and privacy controls, processes, and tooling
- Support security awareness and privacy training initiatives
- Stay current with evolving regulatory, contractual, and industry best practices
Skills Required:
- Bachelor's degree in science, Law, or related field
- 9-12 years of experience in Information Security, Privacy, Audit, or GRC roles
- Strong hands-on experience with ISO 27001 & ISO/IEC 27701 audits
- Professional certifications preferred: CISA, CISM, CISSP, ISO 27001/27701 Lead Auditor/Implementer
- Experience working in client-facing roles within IT services / consulting environments