Job Title


Director - Data Privacy & Information Security


Company : Indegene


Location : Bangalore, Karnataka


Created : 2026-03-15


Job Type : Full Time


Job Description

Role Overview

The Director / Associate Director – Data Privacy & Information Security will lead the organisation’s information security governance and data protection programs, ensuring that enterprise systems, digital assets, and personal data are protected across global operations.

The role is responsible for designing, implementing, and managing the organisation’s Information Security Management System (ISMS) and data privacy governance frameworks, ensuring compliance with global security standards, regulatory requirements, and client security expectations.

Working closely with Enterprise Risk, Legal & Compliance, Technology, Internal Audit, and business leadership, the role will strengthen the organisation’s cybersecurity posture, safeguard personal data, manage cyber risk exposure, and embed security and privacy principles across technology platforms and business processes.

Key Responsibilities

Information Security Governance

- Establish and maintain the organisation’s Information Security Management System (ISMS) aligned with global standards such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
- Develop and enforce enterprise-wide information security policies, standards, and procedures.
- Ensure the confidentiality, integrity, and availability of enterprise information assets and IT systems.
- Conduct periodic security risk assessments and support enterprise security control reviews.

Cybersecurity Operations & Risk Management

- Monitor cybersecurity threats, vulnerabilities, and enterprise cyber risk exposure.
- Oversee vulnerability management programs, threat monitoring, and security control implementation.
- Lead response and remediation activities for cybersecurity incidents and security breaches.
- Track security incidents and coordinate with Enterprise Risk Management to ensure cyber risks are reflected in enterprise risk registers.

Data Privacy & Personal Data Protection

- Implement and manage the organisation’s data privacy governance program.
- Ensure compliance with applicable data protection regulations including GDPR, UK GDPR, India DPDP Act, and other global privacy frameworks.
- Maintain records of processing activities, privacy policies, and data protection governance documentation.
- Conduct Data Protection Impact Assessments (DPIAs) for new systems, technologies, and data processing initiatives.
- Ensure appropriate safeguards for cross-border data transfers and vendor data processing activities.

Vendor Security & Data Protection Risk Management

- Conduct security and privacy risk assessments for third-party vendors and service providers handling company systems or data.
- Evaluate vendor cybersecurity practices and privacy controls against enterprise security standards.
- Ensure vendors comply with organisational security and data protection requirements.
- Collaborate with procurement and legal teams to ensure appropriate security and data protection clauses are included in vendor contracts.

Privacy & Security by Design

- Embed security-by-design and privacy-by-design principles into enterprise systems, products, and digital platforms.
- Collaborate with engineering and IT teams to implement secure architecture, encryption, and access control mechanisms.
- Provide guidance on data classification, data retention, and secure data handling practices.

Incident Response & Breach Management

- Lead investigation and response to cybersecurity incidents and personal data breaches.
- Coordinate cross-functional incident response with Legal, Enterprise Risk, and Technology teams.
- Support regulatory breach notification processes where required.
- Conduct post-incident reviews and implement improvements to strengthen security posture.

Security & Privacy Compliance and Audits

- Support internal and external security and privacy audits, including ISO 27001 certification, client security assessments, and regulatory inspections.
- Maintain documentation and evidence required for security certifications and regulatory reviews.
- Track remediation actions arising from security and privacy audit findings.

Security & Privacy Awareness

- Develop and implement security and privacy awareness programs across the organisation.
- Promote responsible data handling practices and strengthen organisational cyber awareness culture.

Cross-Functional Collaboration

The role will collaborate closely with key governance and operational functions:

- Chief Legal, Risk & Compliance Officer: Overall governance oversight and regulatory alignment.
- Enterprise Risk Management: Integration of cyber and privacy risks into enterprise risk frameworks.
- Compliance & Legal: Regulatory compliance, breach notification obligations, and privacy governance.
- Technology / IT Teams: Implementation of security controls, infrastructure protection, and secure architecture.
- Internal Audit: Independent assurance over security and privacy governance frameworks.

Key Qualifications

- 12–14+ years of experience in information security, cybersecurity, data privacy, or technology risk roles.
- Experience managing enterprise information security or privacy programs within multinational or technology-driven organisations.
- Strong understanding of ISO 27001, NIST Cybersecurity Framework, CIS Controls, or equivalent security standards.
- Knowledge of global data protection regulations including GDPR and emerging privacy frameworks.
- Experience managing cybersecurity incidents, vulnerability management programs, and security governance frameworks.
- Strong stakeholder management and cross-functional leadership capabilities.

Preferred Certifications

Candidates with the following certifications are preferred:

- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CISA – Certified Information Systems Auditor
- CIPP / CIPM – Privacy Certifications
- ISO 27001 Lead Implementer / Lead Auditor

Reporting to: Chief Legal, Risk & Compliance Officer

Location: Bangalore (No Remote)