Job Title: Information Security & Data Protection Officer (DPO) – Manager

Location: Gurugram

Experience: 6–7 years

Employment Type: Contract

About the Role

We are seeking a highly skilled and motivated InfoSec/DPO Manager to lead our organization’s information security, data protection, and compliance initiatives. The ideal candidate will have 6–7 years of experience in information security and data privacy, with a strong grounding in IT systems, processes, and infrastructure. This role will be central to ensuring that the company’s information assets are secure, compliant with regulatory requirements, and aligned with best industry practices.

Key Responsibilities

Information Security Management

Develop, implement, and maintain the organization’s information security policies, standards, and procedures.

Conduct regular risk assessments, vulnerability assessments, and penetration tests to identify and mitigate threats.

Monitor security systems, incident reports, and ensure timely resolution of issues.

Data Protection & Compliance (DPO Role)

Act as the Data Protection Officer in compliance with GDPR, DPDP Act (India), and other applicable data protection regulations.

Ensure company-wide compliance with data privacy laws, security frameworks (ISO 27001, SOC 2, etc.), and industry best practices.

Conduct regular audits to ensure adherence to security and privacy obligations.

Manage data subject requests (DSARs), privacy impact assessments (PIAs), and liaison with regulatory authorities as needed.

IT & Security Integration

Collaborate with IT teams to implement secure infrastructure, network security, access controls, and endpoint protection.

Provide guidance on secure system design, cloud security, and data lifecycle management.

Lead investigations of IT-related security incidents, breaches, and root cause analysis.

Governance, Risk & Training

Maintain and track compliance with security and privacy KPIs.

Develop awareness programs and training for employees on cybersecurity and data protection.

Lead internal and external audits on InfoSec and data protection.

Qualifications & Skills

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field. (Master’s preferred)

6–7 years of relevant experience in information security, data protection, and IT security operations.

Strong knowledge of GDPR, DPDP Act, HIPAA, and other global privacy laws/regulations.

Experience with ISO 27001, SOC 2, NIST, CIS Controls, PCI DSS frameworks.

Hands-on IT security expertise (firewalls, intrusion detection/prevention, cloud security, identity & access management).

Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, CEH, or CIPM/CIPP are highly desirable.

Strong analytical, communication, and stakeholder management skills.

What We Offer

Opportunity to lead InfoSec and Data Protection strategy for a growing organization.

Exposure to international compliance frameworks and cutting-edge security practices.

A collaborative, inclusive, and technology-driven work environment.