Area(s) of responsibility
Information Security & Privacy Governance
- Manage and continuously improve the Information Security Management System (ISMS) and Privacy Information Management System (PIMS)
- Ensure compliance with ISO 27001:2022, ISO/IEC 27701:2019, and applicable privacy regulations (GDPR, local privacy laws, client-specific requirements)
- Drive security and privacy governance across corporate functions and client delivery projects
Audit & Assurance Management
- Plan and manage internal audits, surveillance audits, and certification audits for ISO 27001 and ISO 27701
- Act as audit lead and primary point of contact for external auditors and client auditors
- Review audit evidence, validate findings, and ensure timely closure of nonconformities
Client Audit & Compliance Support
- Support client-led audits, security assessments, and due-diligence activities
- Handle client security questionnaires, compliance attestations, and assurance requests
- Represent Security and Privacy in client governance forums and reviews
Client Information Security Incident Management
- Act as the primary point of contact for client-related information security and privacy incidents
- Coordinate incident identification, assessment, containment, investigation, and remediation in line with the organizational Incident Response Plan
- Lead client communication during security incidents, including notifications, updates, and post-incident reporting
- Ensure timely escalation, root cause analysis (RCA), and corrective / preventive actions (CAPA) for client incidents
MSA / SOW Security & Privacy Review
- Review Master Service Agreements (MSAs), Statements of Work (SOWs), and contractual documents from an Information Security and Privacy perspective
- Identify security, privacy, and compliance risks and propose mitigations aligned with organizational standards
RFP & Business Support
- Contribute to RFP/RFI responses by providing Information Security, Privacy, and Compliance inputs
- Articulate security posture, certifications, controls, and differentiators to prospective clients
- Collaborate with sales, legal, and delivery teams to support business growth initiatives
People & Stakeholder Management
- Mentor and guide team members on audit execution, compliance, and client interactions
- Work closely with Legal, HR, Procurement, IT, Delivery, and Sales teams
- Act as a bridge between business objectives and security / privacy requirements
Continuous Improvement & Awareness
- Identify opportunities to strengthen security and privacy controls, processes, and tooling
- Support security awareness and privacy training initiatives
- Stay current with evolving regulatory, contractual, and industry best practices
Skills Required
- 9–12 years of experience in Information Security, Privacy, Audit, or GRC roles
- Strong hands-on experience with ISO 27001 & ISO/IEC 27701 audits
- Professional certifications preferred: CISA, CISM, CISSP, ISO 27001/27701 Lead Auditor/Implementer
- Experience working in client-facing roles within IT services / consulting environments