
JOB DESCRIPTION:
Entity: EPPL/ETPL
Department: Information Technology
Location: Bangalore
Title: Manager IS & DP
Reporting: Head - IT
Purpose of the Role:
This professional will lead and manage our organization's information security and data protection programs. As the ISM & DPM, this professional will oversee the implementation of robust security frameworks, ensure compliance with data protection regulations, and safeguard sensitive information across all business units.
Role & Responsibilities:
Information Security (ISM Role):
- Work closely with IT-Head to develop, implement, and maintain an enterprise-wide information security strategy and framework.
- Identify, assess, and mitigate cybersecurity risks across all systems and platforms.
- Lead the organization's incident response and disaster recovery planning efforts.
- Establish and enforce information security policies, procedures, and standards.
- Oversee security audits, penetration tests, and vulnerability assessments.
- Collaborate with IT and other departments to integrate security practices into daily operations.
- Monitor emerging threats, vulnerabilities, and technology trends to proactively strengthen defenses.
- Work closely with IT-Head to manage security budgets, resources, and vendor relationships.
- Help IT-Head to manage third-party vendors and security operations of the organization.
Data Protection (DPM Role):
- Act as the point of contact for all data protection and privacy-related matters and help IT-Head to ensure that.
- Ensure compliance with global data protection regulations (e.g., GDPR, PCI, ISO 27001 and DPDPA).
- Oversee the implementation of privacy impact assessments and data protection impact assessments (DPIAs).
- Establish processes for data subject rights requests (e.g., access, rectification, and erasure).
- Provide training and awareness programs to employees regarding data protection and privacy obligations.
- Maintain a data breach response plan and ensure timely reporting of incidents to relevant authorities.
- Liaise with regulatory authorities and represent the organization during audits or investigations.
Management and Collaboration:
- Advise IT-Head on security and data protection risks, compliance requirements, and best practices.
- Lead the security and compliance programs, fostering a culture of security and privacy awareness.
- Collaborate with legal, compliance, and risk management teams to align security and privacy strategies with organizational goals.
Qualifications & Skills:
- BE (CS/Information Security) / MBA (IT/Cyber Security) / MCA with IS certifications
- 10 - 12 years of experience and a minimum of 8 years of experience in information security, with at least 5 years in a managerial role.
- Proven experience as a Data Protection Officer or in managing data privacy programs.
- In-depth knowledge of cybersecurity frameworks (NIST, ISO 27001) and data protection laws (GDPR, CCPA).
- Strong understanding of risk management, data governance, and compliance.
- Excellent problem-solving, decision-making, and analytical skills.
- Exceptional communication and managerial abilities.
- Ability to work under pressure and manage multiple priorities effectively.
- Certifications such as CISSP, DCPA, CISM, CISA, ISO 27001 Lead Auditor would be an added advantage.
Key Relationships:
Internal:
1. Business Leaders
2. Business Managers / Stakeholders
3. Team members/colleagues
4. Sales Team members
External:
5. Clients
6. Suppliers / Vendors
7. Consultants
8. Professional networks