7 ISO 27701 Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

6.0 - 9.0 years

18 - 22 Lacs

Chennai

Remote

Naukri logo

- Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with clients, preparing work papers to support conclusions and preparing written reports.
- Conduct IT, Data Privacy & Information Security audits.
- Develop policies and procedures in line with international and local Information Security & Privacy standards.
- Attend preliminary meetings with clients; offer advice and develop a client understanding of the overall service process; communicate access and information requirements.
- Support Engagement Partners and Directors in leading business development initiatives including, but not limited to, reviewing pre-engagement activities, contracting and setting up meetings with prospective clients.
- Keep up to date with developments in technology, UAE markets, relevant professional standards (e.g. ISO 27001, Data Privacy Law) and specific industry sectors.
- Pursue the highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking.
- Contribute towards managing overall client service delivery in accordance with BDO quality guidelines & methodologies.
- Contribute towards managing accounts on a day-to-day basis and explore new business opportunities for the firm.
- Maintain professional relations with clients, answer queries and offer expert advice.
- Ensure thorough project documentation and maintain electronic filing in accordance with BDO guidelines.
- Complete project assignments with minimum supervision and within the timelines provided by management.

Required Skills:
- Bachelor's degree in Computer Science, Engineering, or a related field.
- Post-qualification work experience of 6 to 8 years, with at least 6 years' experience in implementing regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS).
- Experience in international and local regulatory requirements related to Data Privacy & Protection.
- Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP.

Posted 1 week ago

9.0 - 11.0 years

14 - 16 Lacs

Noida

Work from Office

Naukri logo

Position Summary

The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organization's compliance with the ISO 9001 (Quality Management System) and ISO 27001 (Information Security Management System) standards, while also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection & privacy compliance and overseeing all related processes to maintain the highest standards of integrity and trust.

Area of Responsibility

A. ISO 9001 Quality Management System (QMS)

1. Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with ISO 9001 standards.
- Develop and document quality policies, procedures and processes that are aligned with prevailing ISO 9001 standards.

2. Monitoring and Auditing
- Conduct audits at regular intervals to ensure ISO 9001 compliance.
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS.
- Lead continuous improvement initiatives in quality management.

3. Training and Awareness
- Provide training on ISO 9001 standards and quality management best practices.
- Ensure all employees understand their role within the QMS framework.

B. ISO 27001 Information Security Management System (ISMS)

1. Development and Implementation
- Establish and implement the ISMS standards as per ISO 27001.
- Develop and maintain robust information security policies, procedures and controls.

2. Risk Management
- Conduct risk assessments to identify potential threats to information security.
- Implement appropriate security measures to mitigate identified risks.

3. Monitoring and Auditing
- Conduct audits at regular intervals to ensure ISO 27001 compliance.
- Address any non-conformities identified during audits and ensure continuous improvement.

4. Incident Management
- Develop and manage an incident response plan for handling security breaches.
- Lead investigations into security incidents and coordinate remediation efforts.

C. ISO 27701 Privacy Information Management System (PIMS)

1. Development and Implementation
- Establish and implement the PIMS standards as per ISO 27701.
- Develop and maintain robust personal data protection policies, procedures and controls.

2. Data Security and Privacy
- Regularly review and update the data protection policy to align with changing regulation.
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically.

3. Monitoring and Auditing
- Conduct audits at regular intervals to ensure ISO 27701 compliance.
- Address any non-conformities identified during audits and ensure continuous improvement.

4. Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored.
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests.

5. Training and Awareness
- Provide training on ISO 27701 standards and train employees on data protection laws (DPDP Act 2023), emphasizing their roles and responsibilities as data handlers.
- Promote a culture of privacy and data protection within the organization.

D. Compliance Management

1. Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security.
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701.

2. Documentation and Reporting
- Maintain a comprehensive record of compliance activity, including audit findings, corrective actions and management reviews.
- Prepare and present compliance and quality reports to senior management.

E. Continuous Improvement

1. Process Optimization
- Identify opportunities for process improvements across quality, information security and data protection functions.
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement.

2. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements.
- Act as a primary contact for all compliance certification matters, such as quality, information security and data protection.

Qualification: Bachelor's degree, relevant certifications (ISO 9001 Lead Auditor, ISO 27001 Lead Auditor, Data Protection Officer)

Experience:
- Proven experience of at least 9-11 years in managing, implementing and getting certification on ISO 9001 and ISO 27001.
- Last experience along with ISO 9001 and ISO 27001, preferably in managing ISO 27701, for at least 2-3 years.
- Experience in conducting audits and vendor assessments / due diligence with respect to ISMS and data protection as requested by the clients.
- Leading all compliance initiatives.

Compensation: 14-16 LPA

Timing: 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month

Key Competencies

Functional:
- Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations.
- Excellent analytical, problem-solving and decision-making skills.
- Strong communication skills with the ability to influence and lead cross-functional teams.
- Should have excellent presentation skills and be able to present to senior management.
- High attention to detail and strong organizational skills.
- Should be able to conduct and manage audits of different business units within the organization.
- Should be able to manage vendors and possess good negotiation skills.

Posted 1 week ago

6.0 - 8.0 years

6 - 8 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Foundit logo

- Responsible for Information Security, Governance and Compliance for the IT projects delivered to our customers.
- End-to-end project reviews; drive to ensure quality delivery and adherence to compliance.
- Analyze various data points and work on an improvement plan for project delivery.
- Ensure projects adhere to standards such as ISO 27001, 27701 and 22301.
- Effective reporting and follow-up on actions.

Skills required:
- 6 to 8 years of experience in IT Governance, Risk and Compliance for large-scale organizations.
- Strong conceptual knowledge / experience in Project Management and Information Security.
- Very good written and oral communication; able to work independently with minimal support.
- Candidate should be well versed in legacy as well as cutting-edge technologies.
- Experience in certifications such as ISO 27001, 27701 and 22301 is desirable.
- Experience in documentation of processes and policies.
- Experience in Project Management and Solution Architecture preferred.

Posted 1 week ago

2.0 - 3.0 years

7 - 8 Lacs

Gurugram, Delhi / NCR

Work from Office

Naukri logo

A Senior Compliance Executive in a technology department plays a crucial role in ensuring that the organization adheres to various legal, regulatory, and industry-specific standards related to Information Technology and data management such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001.

1. Regulatory Compliance Monitoring:
- Ensure the technology department complies with relevant laws and regulations, such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001 and other data protection or cybersecurity laws.
- Stay updated on new or changing regulations that impact the tech landscape.

2. Policy Development & Enforcement:
- Develop and implement internal policies and procedures to ensure compliance with external regulations and internal standards.
- Regularly review and update policies to ensure they remain aligned with changing regulations and industry best practices.

3. Risk Management:
- Assess risks related to technology operations, particularly data privacy and cybersecurity risks.
- Ensure that the tech department implements appropriate security measures to mitigate potential threats and risks.
- Conduct regular audits and reviews of IT systems to ensure they meet compliance standards.

4. Training & Awareness:
- Educate and train technology teams and other employees on compliance-related matters, such as data security, privacy policies, and risk mitigation strategies.
- Promote awareness of compliance issues, helping staff understand their responsibilities in maintaining compliance.

5. Audit & Reporting:
- Prepare reports for management, regulators, or auditors, demonstrating compliance with relevant regulations and policies.
- Coordinate internal and external audits related to technology compliance.
- Implement corrective actions where necessary to address non-compliance findings.

6. Data Privacy Management:
- Oversee data protection strategies and ensure proper handling of sensitive information, including encryption, access control, and data retention policies.
- Manage consent collection and user privacy preferences in accordance with privacy regulations.

7. Incident Management:
- Oversee the handling of data breaches or other incidents that might affect compliance, ensuring timely reporting and response in accordance with regulatory requirements.
- Coordinate with relevant authorities if there is a need to disclose any breaches or security incidents.

Posted 2 weeks ago

2 - 3 years

7 - 8 Lacs

Gurugram, Delhi / NCR

Work from Office

Naukri logo

A Senior Compliance Executive in a technology department plays a crucial role in ensuring that the organization adheres to various legal, regulatory, and industry-specific standards related to Information Technology and data management such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001.

1. Regulatory Compliance Monitoring:
- Ensure the technology department complies with relevant laws and regulations, such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001 and other data protection or cybersecurity laws.
- Stay updated on new or changing regulations that impact the tech landscape.

2. Policy Development & Enforcement:
- Develop and implement internal policies and procedures to ensure compliance with external regulations and internal standards.
- Regularly review and update policies to ensure they remain aligned with changing regulations and industry best practices.

3. Risk Management:
- Assess risks related to technology operations, particularly data privacy and cybersecurity risks.
- Ensure that the tech department implements appropriate security measures to mitigate potential threats and risks.
- Conduct regular audits and reviews of IT systems to ensure they meet compliance standards.

4. Training & Awareness:
- Educate and train technology teams and other employees on compliance-related matters, such as data security, privacy policies, and risk mitigation strategies.
- Promote awareness of compliance issues, helping staff understand their responsibilities in maintaining compliance.

5. Audit & Reporting:
- Prepare reports for management, regulators, or auditors, demonstrating compliance with relevant regulations and policies.
- Coordinate internal and external audits related to technology compliance.
- Implement corrective actions where necessary to address non-compliance findings.

6. Data Privacy Management:
- Oversee data protection strategies and ensure proper handling of sensitive information, including encryption, access control, and data retention policies.
- Manage consent collection and user privacy preferences in accordance with privacy regulations.

7. Incident Management:
- Oversee the handling of data breaches or other incidents that might affect compliance, ensuring timely reporting and response in accordance with regulatory requirements.
- Coordinate with relevant authorities if there is a need to disclose any breaches or security incidents.

Posted 1 month ago

8 - 10 years

11 - 21 Lacs

Noida, Mumbai (All Areas)

Work from Office

Naukri logo

This role will implement and manage data privacy tools and controls, support compliance with UAE and international data protection laws, and promote responsible data governance practices across the groups.

Posted 1 month ago

6 - 9 years

18 - 22 Lacs

Chennai

Remote

Naukri logo

- Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with clients, preparing work papers to support conclusions and preparing written reports.
- Conduct IT, Data Privacy & Information Security audits.
- Develop policies and procedures in line with international and local Information Security & Privacy standards.
- Attend preliminary meetings with clients; offer advice and develop a client understanding of the overall service process; communicate access and information requirements.
- Support Engagement Partners and Directors in leading business development initiatives including, but not limited to, reviewing pre-engagement activities, contracting and setting up meetings with prospective clients.
- Keep up to date with developments in technology, UAE markets, relevant professional standards (e.g. ISO 27001, Data Privacy Law) and specific industry sectors.
- Pursue the highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking.
- Contribute towards managing overall client service delivery in accordance with BDO quality guidelines & methodologies.
- Contribute towards managing accounts on a day-to-day basis and explore new business opportunities for the firm.
- Maintain professional relations with clients, answer queries and offer expert advice.
- Ensure thorough project documentation and maintain electronic filing in accordance with BDO guidelines.
- Complete project assignments with minimum supervision and within the timelines provided by management.

Required Skills:
- Bachelor's degree in Computer Science, Engineering, or a related field.
- Post-qualification work experience of 6 to 8 years, with at least 6 years' experience in implementing regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS).
- Experience in international and local regulatory requirements related to Data Privacy & Protection.
- Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP.

Posted 3 months ago
