Godrej Industries Group

Manager – Information Security & Data Privacy

  • Posted a day ago

Job Description

Key Responsibilities:

1. ISMS Governance & Framework Management

  • Own the sustenance and continual improvement of the ISMS aligned to ISO 27001 and NIST CSF.
  • Lead policy, standard, and procedure lifecycle management (drafting, review, approvals, periodic updates).
  • Drive ISMS lifecycle activities including risk assessments, SoA reviews, corrective action management, and management reviews.
  • Define, monitor, and report ISMS KPIs, KRIs, and control effectiveness metrics.

2. Information Security Risk Management

  • Own identification, assessment, tracking, and reporting of information security risks.
  • Guide business and IT teams in executing risk treatment and mitigation plans.
  • Lead periodic enterprise risk assessments, threat reviews, and control validation exercises.

3. Third Party Information Security Risk

  • Own vendor information security risk governance and assessments.
  • Review vendor risk ratings, gap remediation, and closure status.
  • Coordinate with IT, Legal, Procurement, and Business Units to enforce security requirements.

4. Audit, Compliance & Regulatory Management (ISMS)

  • Lead internal and external ISO 27001, statutory, and ITGC audits end‑to‑end.
  • Drive timely closure of audit observations and non‑conformances with clear ownership.
  • Maintain ISMS documentation, audit trails, evidence, and audit readiness across business units.

5. Data Privacy Governance & DPDP Compliance

  • Own the organization‑wide Data Privacy governance framework aligned to the DPDP Act and ISO 27701.
  • Ensure implementation and sustenance of privacy policies, notices, and internal guidelines.
  • Act as primary liaison with Legal and Business teams on privacy compliance matters.

6. Privacy Risk, Assessments & Third‑Party Privacy

  • Lead privacy risk assessments, DPIAs, and data flow reviews across business units.
  • Oversee privacy due diligence of vendors handling personal data.
  • Track remediation of privacy risks and contractual privacy obligations.

7. Information Security & Data Privacy Awareness and Culture

  • Own the organization‑wide Information Security and Data Privacy awareness strategy, with a strong focus on building a sustainable security‑ and privacy‑first culture.
  • Design and drive integrated awareness programs covering information security, privacy (DPDP), acceptable use, data handling, and cyber hygiene, aligned to business risk priorities.
  • Move beyond compliance training to behavioral change, embedding security and privacy considerations into everyday decision‑making and business processes.
  • Lead enterprise initiatives such as phishing simulations, targeted campaigns, leadership messaging, policy awareness, and risk‑based communications.
  • Act as a custodian of security and privacy culture, influencing leadership and employees to treat information protection as a shared responsibility.

8. Reporting, Automation & Leadership Engagement

  • Own ISMS and Privacy dashboards for leadership and governance forums.
  • Track VA/PT findings and closure status.
  • Identify and drive automation opportunities across GRC, access reviews, evidence collection, vendor assessments, and reporting.
  • Lead governance review meetings, track action items, and drive accountability.

Must‑Have / Strongly Preferred:

  • ISO 27001
      • ISO 27001 Lead Implementer, or
      • ISO 27001 Lead Auditor
    (At least one is strongly preferred)
  • Information Security / GRC Certification
      • CISA (Certified Information Systems Auditor), or
      • CRISC (for risk‑focused roles), or
      • Equivalent governance / audit‑centric certification
  • Privacy certifications such as:
      • CIPP/E, CIPP/Asia, or equivalent
      • DPO / Privacy Practitioner programs (India‑focused preferred)
      • Formal training on the DPDP Act or structured privacy implementation programs

Qualification:

  • Bachelor's degree in:
      • Information Security
      • Computer Science / IT
      • Engineering
      • Or an equivalent relevant discipline
  • Post‑graduate qualification in Risk / Compliance / Information Security is a plus.

Experience:

8–10 years total experience, with:

  • At least 4–6 years in Information Security, ISMS, GRC, Risk, or Compliance roles
  • Hands‑on experience in:
      • ISO 27001 ISMS implementation/sustenance
      • Audit handling (internal & external)
      • Risk assessments and remediation tracking
      • Stakeholder coordination across functions


Job ID: 147311841

Skills:

  • ISO 27001
  • CISA (Certified Information Systems Auditor)
  • CIPP/Asia
  • CIPP/E
  • Information Security GRC Certification
  • DPDP Act
  • CRISC