Manager with skills ISMS, GDPR, ISMS for location Noida, India
ROLES & RESPONSIBILITIES
Key Responsibilities
1) ISO 27001 / ISMS Management
- Lead the implementation, maintenance, and continual improvement of the ISO 27001 Information Security Management System (ISMS)
- Manage ISMS documentation including policies, procedures, risk treatment plans, and Statement of Applicability (SoA)
- Plan and execute internal audits, coordinate external audits, and drive closure of non-conformities
- Conduct management reviews and ensure ongoing compliance with ISO 27001 controls
2) Risk Management
- Own and manage the enterprise information security risk register
- Conduct periodic risk assessments for:
  - IT infrastructure, endpoints, networks, cloud (Azure/AWS), applications, and data
  - Third-party vendors and outsourced services
- Drive risk treatment planning, mitigation tracking, and risk acceptance workflows
- Support business teams in risk-based decision-making and control validation
3) Compliance & Governance (Regulatory + Customer Requirements)
- Ensure compliance with relevant standards and frameworks such as:
  - ISO 27001, SOC 2 Type II
  - GDPR, PDPA, CCPA
  - IT Act and contractual security requirements
- Support customer audits, security questionnaires, and compliance evidence submissions
- Work closely with Legal, HR, IT, and Business teams for governance alignment
- Maintain compliance dashboards and periodic reporting to leadership
4) Data Privacy & Protection Compliance
- Support implementation of privacy and data protection controls aligned to:
  - GDPR (EU/UK)
  - PDPA (as applicable to customer/region)
  - CCPA (US privacy requirements)
- Assist in privacy governance activities such as:
  - Data classification and handling requirements
  - Supporting DPIAs / privacy risk assessments
  - Supporting breach notification processes and compliance reporting
- Coordinate with Legal and business stakeholders for privacy-related compliance evidence
5) Third-Party / Vendor Risk Management
- Conduct vendor security and privacy assessments (including cloud and SaaS providers)
- Validate vendor controls and ensure contractual security and privacy requirements are met
- Support onboarding/offboarding compliance checks and periodic vendor reviews
6) Security Awareness & Policy Governance
- Drive security policy updates and periodic reviews across the organization
- Support security awareness programs, compliance training, and audit readiness campaigns
7) Incident & Control Assurance Support
- Support incident response from a governance/compliance perspective
- Ensure evidence collection, RCA tracking, and closure of corrective/preventive actions (CAPA)
- Monitor control effectiveness through periodic checks and audits
EXPERIENCE
- 12-14 Years
SKILLS
- Primary Skill: Information Security
- Sub Skill(s): ISMS
- Additional Skill(s): GDPR, ISMS
ABOUT THE COMPANY
Infogain is a human-centered digital platform and software engineering company based out of Silicon Valley. We engineer business outcomes for Fortune 500 companies and digital natives in the technology, healthcare, insurance, travel, telecom, and retail & CPG industries using technologies such as cloud, microservices, automation, IoT, and artificial intelligence. We accelerate experience-led transformation in the delivery of digital platforms. Infogain is also a Microsoft (NASDAQ: MSFT) Gold Partner and Azure Expert Managed Services Provider (MSP).
Infogain, an Apax Funds portfolio company, has offices in California, Washington, Texas, the UK, the UAE, and Singapore, with delivery centers in Seattle, Houston, Austin, Kraków, Noida, Gurgaon, Mumbai, Pune, and Bengaluru.