Lead the implementation, maintenance, and continual improvement of the ISO 27001 Information Security Management System (ISMS)
Manage ISMS documentation including policies, procedures, risk treatment plans, and Statement of Applicability (SoA)
Plan and execute internal audits, coordinate external audits, and drive closure of non-conformities
Conduct management reviews and ensure ongoing compliance with ISO 27001 controls
Own and manage the enterprise information security risk register
Conduct periodic risk assessments for:
  IT infrastructure, endpoints, networks, cloud (Azure/AWS), applications, and data
  Third-party vendors and outsourced services
Drive risk treatment planning, mitigation tracking, and risk acceptance workflows
Support business teams in risk-based decision-making and control validation
Ensure compliance with relevant standards and frameworks such as:
  ISO 27001, SOC 2 Type II
  GDPR, PDPA, CCPA
  IT Act and contractual security requirements
Support customer audits, security questionnaires, and compliance evidence submissions
Work closely with Legal, HR, IT, and Business teams for governance alignment
Maintain compliance dashboards and periodic reporting to leadership
Support implementation of privacy and data protection controls aligned to:
  GDPR (EU/UK)
  PDPA (as applicable to customer/region)
  CCPA (California privacy requirements)
Assist in privacy governance activities such as:
  Data classification and handling requirements
  Supporting DPIAs / privacy risk assessments
  Supporting breach notification processes and compliance reporting
Coordinate with Legal and business stakeholders for privacy-related compliance evidence
Conduct vendor security and privacy assessments (including cloud and SaaS providers)
Validate vendor controls and ensure contractual security and privacy requirements are met
Support onboarding/offboarding compliance checks and periodic vendor reviews
Drive security policy updates and periodic reviews across the organization
Support security awareness programs, compliance training, and audit readiness campaigns
Support incident response from a governance/compliance perspective
Ensure evidence collection, RCA tracking, and closure of corrective/preventive actions (CAPA)
Monitor control effectiveness through periodic checks and audits

Keyskills: RCA, Assurance, ISMS, SoA, Compliance, HP Data Protector, Information security, ISO 27001, Risk management, Auditing
Infogain is a Silicon Valley headquartered company with software platform engineering and deep domain expertise in the travel, retail, insurance and high technology industries. We accelerate the delivery of digital customer engagement systems using digital technologies such as cloud, mic...