Director Information Security & Privacy

15 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn

Work Mode

Remote

Job Type

Full Time

Job Description

About the Company

As the company scales globally, it offers a rare opportunity to join early, shape operational excellence, and work alongside seasoned professionals passionate about building next-generation risk management solutions & services.


Director – Information Security & Privacy

Location: Hyderabad, India (Hybrid)

Start Date: Q4 2025

Employment Type: Full-Time

Industry: Third-Party & Supply Chain Risk Management

Role Overview

Director – Information Security & Privacy

Hyderabad


Key Responsibilities

Internal Security, Privacy & Compliance

  • Lead the design, implementation, and management of the Information Security Management System (ISMS) in alignment with ISO 27001.
  • Drive the organization’s ISO 27001 certification and maintain ongoing compliance and audit readiness.
  • Develop and enforce internal security and data privacy policies, procedures, and governance frameworks.
  • Oversee compliance with data protection laws such as GDPR, and ensure secure data processing practices across all business units.
  • Lead incident response planning, risk assessments, internal audits, and employee security awareness programs.
  • Act as the organization’s Data Protection Officer (DPO) or equivalent function, ensuring privacy compliance and advising on privacy-by-design.

Client-Facing Advisory & Risk Services

  • Provide advisory support to clients on information security and privacy matters, including third-party risk assessments and audit readiness.
  • Conduct client-facing security and data protection audits, assessments, and consulting engagements.
  • Advise clients on GDPR compliance strategies, data protection impact assessments (DPIAs), and related privacy frameworks.
  • Support pre-sales and delivery teams with subject matter expertise for client proposals and RFPs.
  • Ensure alignment of internal controls and capabilities with client expectations and service commitments.

Leadership & Collaboration

  • Collaborate with senior leadership and global teams to align security and privacy strategy with business and compliance objectives.
  • Monitor evolving cybersecurity threats, technologies, and regulations; adapt policies and controls accordingly.
  • Foster a culture of security awareness and compliance across the organization.

Qualifications & Experience

  • 10–15 years of experience in Information Security, Data Protection, or related domains with combined internal and client-facing responsibilities.
  • Demonstrated experience leading ISO 27001 implementation and GDPR compliance programs.
  • Deep knowledge of security frameworks (e.g., NIST, SOC 2), data privacy laws, and risk management practices.
  • Proven ability to work strategically while also executing hands-on tasks as needed.
  • Experience with global teams and international clients is essential.
  • Strong communication, presentation, and stakeholder engagement skills.
  • Professional certifications such as CISSP, CISM, ISO 27001 LA/LI, CIPP/E, or CIPM are highly desirable.
  • Bachelor’s degree in Information Security, Computer Science, or related field; a Master’s degree is a plus.

