
13 ISO 27701 Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 6.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Line of Service: Advisory
Industry/Sector: Not Applicable
Specialism: Risk Management
Level: Associate

Job Description & Summary
At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information, enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations, including assessing governance and risk management processes and related controls.

Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to protect value and navigate disruption, and obtain confidence to take risks to power growth.

Why PwC
At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm's growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

Job Description
ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/HITRUST Reviews
Location: Mumbai
Department: Risk Consulting

Purpose of the Job/Role
Perform IT Assessment Reviews, which include IT General Controls, Internal Audits, Controls Testing and Compliance Reviews (such as ISO 27001, HIPAA, HITRUST, etc.)

Responsibilities
- Strong understanding of IT General Controls domains such as Change Management, User Access Management, IT Operations, Backup and Recovery Management, etc.
- Strong understanding of third-party risk management
- Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701, etc.
- Understanding of IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during the IT assessment lifecycle
- Interview client stakeholders, conduct walkthrough meetings and develop assessment artifacts
- Should understand the complete assessment lifecycle from assessment scoping to project deliverables
- Great communication skills and the ability to break down and explain complex data security problems
- Excellent presentation skills and ability to effectively communicate proposals and points of view at senior management levels

Mandatory Skill Sets: ITGC
Preferred Skill Sets: ITAC
Years of Experience Required: 4 years

Education Qualification:
- BE/BTech
- Postgraduates in any stream would be preferred (not mandatory)
- Prior Big 4 experience would be an added advantage
- Experience in IT Risk Advisory/Assurance for varied industry segments preferred
- Excellent communication skills, both written and oral
- Certifications: CIA/CISA/CISM will be an added advantage
- B.Tech/MBA

Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study Required: Bachelor of Technology, Master of Business Administration
Degrees/Field of Study Preferred:
Certifications (if blank, certifications not specified)
Required Skills: ITGC
Optional Skills: Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Emotional Regulation, Empathy, Financial Accounting, Financial Audit, Financial Reporting, Financial Statement Analysis, Generally Accepted Accounting Principles (GAAP) + 19 more
Desired Languages (if blank, desired languages not specified)
Travel Requirements: Not Specified
Available for Work Visa Sponsorship: No
Government Clearance Required: No
Job Posting End Date

Posted 23 hours ago


2.0 - 6.0 years

4 - 9 Lacs

Delhi, India

On-site

- Conduct current state assessments of clients' Data Privacy programs against leading standards/frameworks such as ISO 27701, NIST DPF, GAPP and applicable privacy laws and regulations.
- Design Data Privacy Program Strategy and Roadmap.
- Design and develop the Data Privacy Framework.
- Experience with IT/ITES/CSP; data privacy related experience in such sectors is a value add.
- Strong knowledge of global data privacy regulations, especially GDPR, Middle East Privacy Laws, and GAPP.
- Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.

Educational Professional Credentials
- At minimum 4+ years of experience in Information Security, with a minimum of 3+ years of working experience in Data Privacy projects.
- Bachelor's or master's degree in cyber law, IT, computer science, software engineering, or Data Privacy.
- Certifications like CIPP, CIPM, ISO 27701 LI are a value add.

Required Knowledge Skills
- Excellent written and verbal communication skills.
- Should have knowledge of the DPDP Act and GDPR.

Posted 2 days ago


2.0 - 6.0 years

4 - 9 Lacs

Chennai, Tamil Nadu, India

On-site

- Conduct current state assessments of clients' Data Privacy programs against leading standards/frameworks such as ISO 27701, NIST DPF, GAPP and applicable privacy laws and regulations.
- Design Data Privacy Program Strategy and Roadmap.
- Design and develop the Data Privacy Framework.
- Experience with IT/ITES/CSP; data privacy related experience in such sectors is a value add.
- Strong knowledge of global data privacy regulations, especially GDPR, Middle East Privacy Laws, and GAPP.
- Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.

Educational Professional Credentials
- At minimum 4+ years of experience in Information Security, with a minimum of 3+ years of working experience in Data Privacy projects.
- Bachelor's or master's degree in cyber law, IT, computer science, software engineering, or Data Privacy.
- Certifications like CIPP, CIPM, ISO 27701 LI are a value add.

Required Knowledge Skills
- Excellent written and verbal communication skills.
- Should have knowledge of the DPDP Act and GDPR.

Posted 2 days ago


2.0 - 4.0 years

8 - 9 Lacs

Gurugram

Work from Office

A Senior Compliance Executive in a technology department plays a crucial role in ensuring that the organization adheres to various legal, regulatory, and industry-specific standards related to Information Technology and data management, such as GDPR, ISO 27001, ISO 27701, SOC 2 Type 2 and ISO 9001.

1. Regulatory Compliance Monitoring:
- Ensure the technology department complies with relevant laws and regulations, such as GDPR, ISO 27001, ISO 27701, SOC 2 Type 2, ISO 9001 and other data protection or cybersecurity laws.
- Stay updated on new or changing regulations that impact the tech landscape.

2. Policy Development & Enforcement:
- Develop and implement internal policies and procedures to ensure compliance with external regulations and internal standards.
- Regularly review and update policies to ensure they remain aligned with changing regulations and industry best practices.

3. Risk Management:
- Assess risks related to technology operations, particularly data privacy and cybersecurity risks.
- Ensure that the tech department implements appropriate security measures to mitigate potential threats and risks.
- Conduct regular audits and reviews of IT systems to ensure they meet compliance standards.

4. Training & Awareness:
- Educate and train technology teams and other employees on compliance-related matters, such as data security, privacy policies, and risk mitigation strategies.
- Promote awareness of compliance issues, helping staff understand their responsibilities in maintaining compliance.

5. Audit & Reporting:
- Prepare reports for management, regulators, or auditors, demonstrating compliance with relevant regulations and policies.
- Coordinate internal and external audits related to technology compliance.
- Implement corrective actions where necessary to address non-compliance findings.

6. Data Privacy Management:
- Oversee data protection strategies and ensure proper handling of sensitive information, including encryption, access control, and data retention policies.
- Manage consent collection and user privacy preferences in accordance with privacy regulations.

7. Incident Management:
- Oversee the handling of data breaches or other incidents that might affect compliance, ensuring timely reporting and response in accordance with regulatory requirements.
- Coordinate with relevant authorities if there is a need to disclose any breaches or security incidents.

Posted 3 weeks ago


9.0 - 14.0 years

12 - 18 Lacs

Gurugram

Work from Office

Position Summary
The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organization's compliance with ISO 9001 (Quality Management System) and ISO 27001 (Information Security Management System) standards, while also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection and privacy compliance, and overseeing all related processes to maintain the highest standards of integrity and trust.

Area of Responsibility

A. ISO 9001 Quality Management System (QMS)
1. Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with ISO 9001 standards
- Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards
2. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 9001 compliance
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS
- Lead continuous improvement initiatives in quality management
3. Training and Awareness
- Provide training on ISO 9001 standards and quality management best practices
- Ensure all employees understand their role within the QMS framework

B. ISO 27001 Information Security Management System (ISMS)
1. Development and Implementation
- Establish and implement the ISMS standards as per ISO 27001
- Develop and maintain robust information security policies, procedures and controls
2. Risk Management
- Conduct risk assessments to identify potential threats to information security
- Implement appropriate security measures to mitigate identified risks
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27001 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Incident Management
- Develop and manage an incident response plan for handling security breaches
- Lead investigation into security incidents and coordinate remediation efforts

C. ISO 27701 Privacy Information Management System (PIMS)
1. Development and Implementation
- Establish and implement the PIMS standards as per ISO 27701
- Develop and maintain robust personal data protection policies, procedures and controls
2. Data Security and Privacy
- Regularly review and update the data protection policy to align with changing regulation
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27701 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests
5. Training and Awareness
- Provide training on ISO 27701 standards and train employees on data protection laws (DPDP Act 2023), emphasizing their roles and responsibilities as data handlers
- Promote a culture of privacy and data protection within the organization

D. Compliance Management
1. Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701
2. Documentation and Reporting
- Maintain comprehensive records of compliance activity, including audit findings, corrective actions and management reviews
- Prepare and present compliance and quality reports to senior management

E. Continuous Improvement
1. Process Optimization
- Identify opportunities for process improvements across quality, information security and data protection functions
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement
2. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements
- Act as a primary contact for all compliance certification matters, such as those related to quality, information security and data protection

Qualification: Bachelor's degree, relevant certifications (ISO 9001 Lead Auditor, ISO 27001 Lead Auditor, Data Protection Officer)

Shift Timing: 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month

Experience:
- Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001, for at least 9-12 years
- Last experience, along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years
- Experience in conducting audits and vendor assessments/due diligence with respect to ISMS and data protection as requested by the clients
- Leading all compliance initiatives

Key Competencies (Functional)
- Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations
- Excellent analytical, problem-solving and decision-making skills
- Strong communication skills with ability to influence and lead cross-functional teams
- Should have excellent presentation skills and should be able to present to senior management
- High attention to detail and strong organizational skills
- Should be able to conduct and manage audits of different business units within the organization
- Should be able to manage vendors and possess good negotiation skills

Perks: Health & Wellness, Work-Life Balance, Recognition & Awards, Collaborative Culture, Learning & Development, Professional Growth

Posted 1 month ago


10.0 - 15.0 years

12 - 18 Lacs

Gurugram

Work from Office

Position Summary
The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organization's compliance with ISO 9001 (Quality Management System) and ISO 27001 (Information Security Management System) standards, while also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection and privacy compliance, and overseeing all related processes to maintain the highest standards of integrity and trust.

Area of Responsibility

A. ISO 9001 Quality Management System (QMS)
1. Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with ISO 9001 standards
- Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards
2. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 9001 compliance
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS
- Lead continuous improvement initiatives in quality management
3. Training and Awareness
- Provide training on ISO 9001 standards and quality management best practices
- Ensure all employees understand their role within the QMS framework

B. ISO 27001 Information Security Management System (ISMS)
1. Development and Implementation
- Establish and implement the ISMS standards as per ISO 27001
- Develop and maintain robust information security policies, procedures and controls
2. Risk Management
- Conduct risk assessments to identify potential threats to information security
- Implement appropriate security measures to mitigate identified risks
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27001 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Incident Management
- Develop and manage an incident response plan for handling security breaches
- Lead investigation into security incidents and coordinate remediation efforts

C. ISO 27701 Privacy Information Management System (PIMS)
1. Development and Implementation
- Establish and implement the PIMS standards as per ISO 27701
- Develop and maintain robust personal data protection policies, procedures and controls
2. Data Security and Privacy
- Regularly review and update the data protection policy to align with changing regulation
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27701 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests
5. Training and Awareness
- Provide training on ISO 27701 standards and train employees on data protection laws (DPDP Act 2023), emphasizing their roles and responsibilities as data handlers
- Promote a culture of privacy and data protection within the organization

D. Compliance Management
1. Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701
2. Documentation and Reporting
- Maintain comprehensive records of compliance activity, including audit findings, corrective actions and management reviews
- Prepare and present compliance and quality reports to senior management

E. Continuous Improvement
1. Process Optimization
- Identify opportunities for process improvements across quality, information security and data protection functions
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement
2. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements
- Act as a primary contact for all compliance certification matters, such as those related to quality, information security and data protection

Qualification: Bachelor's degree, relevant certifications (ISO 9001 Lead Auditor, ISO 27001 Lead Auditor, Data Protection Officer)

Shift Timing: 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month

Experience:
- Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001, for at least 10-12 years
- Last experience, along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years
- Experience in conducting audits and vendor assessments/due diligence with respect to ISMS and data protection as requested by the clients
- Leading all compliance initiatives

Key Competencies (Functional)
- Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations
- Excellent analytical, problem-solving and decision-making skills
- Strong communication skills with ability to influence and lead cross-functional teams
- Should have excellent presentation skills and should be able to present to senior management
- High attention to detail and strong organizational skills
- Should be able to conduct and manage audits of different business units within the organization
- Should be able to manage vendors and possess good negotiation skills

Perks: Health & Wellness, Work-Life Balance, Recognition & Awards, Collaborative Culture, Learning & Development, Professional Growth

Posted 1 month ago


8.0 - 13.0 years

8 - 13 Lacs

Gurgaon / Gurugram, Haryana, India

On-site

The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organization's compliance with ISO 9001 (Quality Management System) and ISO 27001 (Information Security Management System) standards, while also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection and privacy compliance, and overseeing all related processes to maintain the highest standards of integrity and trust.

Responsibilities:

A. ISO 9001 Quality Management System (QMS)
Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with ISO 9001 standards
- Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards
Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 9001 compliance
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS
- Lead continuous improvement initiatives in quality management
Training and Awareness
- Provide training on ISO 9001 standards and quality management best practices
- Ensure all employees understand their role within the QMS framework

B. ISO 27001 Information Security Management System (ISMS)
Development and Implementation
- Establish and implement the ISMS standards as per ISO 27001
- Develop and maintain robust information security policies, procedures and controls
Risk Management
- Conduct risk assessments to identify potential threats to information security
- Implement appropriate security measures to mitigate identified risks
Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27001 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
Incident Management
- Develop and manage an incident response plan for handling security breaches
- Lead investigation into security incidents and coordinate remediation efforts

C. ISO 27701 Privacy Information Management System (PIMS)
Development and Implementation
- Establish and implement the PIMS standards as per ISO 27701
- Develop and maintain robust personal data protection policies, procedures and controls
Data Security and Privacy
- Regularly review and update the data protection policy to align with changing regulation
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically
Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27701 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests

D. Training and Awareness
- Provide training on ISO 27701 standards and train employees on data protection laws (DPDP Act 2023), emphasizing their roles and responsibilities as data handlers
- Promote a culture of privacy and data protection within the organization

E. Compliance Management
Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701
Documentation and Reporting
- Maintain comprehensive records of compliance activity, including audit findings, corrective actions and management reviews
- Prepare and present compliance and quality reports to senior management

F. Continuous Improvement
Process Optimization
- Identify opportunities for process improvements across quality, information security and data protection functions
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement

G. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements
- Act as a primary contact for all compliance certification matters, such as those related to quality, information security and data protection

Preferred candidate profile

Key Competencies (Functional):
- Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations
- Excellent analytical, problem-solving and decision-making skills
- Strong communication skills with ability to influence and lead cross-functional teams
- Should have excellent presentation skills and should be able to present to senior management
- High attention to detail and strong organizational skills
- Should be able to conduct and manage audits of different business units within the organization
- Should be able to manage vendors and possess good negotiation skills

Experience:
- Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001, for at least 9-11 years
- Last experience, along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years
- Experience in conducting audits and vendor assessments/due diligence with respect to ISMS and data protection as requested by the clients
- Leading all compliance initiatives
- Must possess strong technical knowledge and hands-on experience in cybersecurity and data security product lines. This includes expertise in implementing and managing security solutions to protect organizational assets and data

Posted 1 month ago


6.0 - 9.0 years

18 - 22 Lacs

Chennai

Remote

- Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with the clients, preparing work papers to support conclusions and preparing written reports.
- Conduct IT, Data Privacy & Information Security audits.
- Develop policies and procedures in line with international and local Information Security & Privacy standards.
- Attend preliminary meetings with clients; offer advice and develop a client understanding of the overall service process; communicate access and information requirements.
- Support Engagement Partners and Directors in leading business development initiatives including, but not limited to, reviewing pre-engagement activities, contracting and setting up meetings with prospective clients.
- Keep up to date with developments in technology, UAE markets, relevant professional standards (e.g. ISO 27001, Data Privacy Law, etc.) and specific industry sectors.
- Pursue the highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking.
- Contribute towards managing the overall client service delivery in accordance with BDO quality guidelines & methodologies.
- Contribute towards managing accounts on a day-to-day basis & explore new business opportunities for the firm.
- Maintain professional relations with clients, answer queries, offer expert advice.
- Ensure thorough project documentation and maintain electronic filing in accordance with BDO guidelines.
- Complete project assignments with minimum supervision and within the timelines provided by the management.

Required Skills:
- Bachelor's degree in Computer Science, Engineering, or a related field
- Post-qualification work experience of 6 to 8 years, with at least 6 years' experience in implementing regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS)
- Experience in international and local regulatory requirements related to Data Privacy & Protection
- Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP

Posted 1 month ago


9.0 - 11.0 years

14 - 16 Lacs

Noida

Work from Office

Position Summary
The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organization's compliance with ISO 9001 (Quality Management System) and ISO 27001 (Information Security Management System) standards, while also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection and privacy compliance, and overseeing all related processes to maintain the highest standards of integrity and trust.

Area of Responsibility

A. ISO 9001 Quality Management System (QMS)
1. Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with ISO 9001 standards
- Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards
2. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 9001 compliance
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS
- Lead continuous improvement initiatives in quality management
3. Training and Awareness
- Provide training on ISO 9001 standards and quality management best practices
- Ensure all employees understand their role within the QMS framework

B. ISO 27001 Information Security Management System (ISMS)
1. Development and Implementation
- Establish and implement the ISMS standards as per ISO 27001
- Develop and maintain robust information security policies, procedures and controls
2. Risk Management
- Conduct risk assessments to identify potential threats to information security
- Implement appropriate security measures to mitigate identified risks
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27001 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Incident Management
- Develop and manage an incident response plan for handling security breaches
- Lead investigation into security incidents and coordinate remediation efforts

C. ISO 27701 Privacy Information Management System (PIMS)
1. Development and Implementation
- Establish and implement the PIMS standards as per ISO 27701
- Develop and maintain robust personal data protection policies, procedures and controls
2. Data Security and Privacy
- Regularly review and update the data protection policy to align with changing regulation
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically
3. Monitoring and Auditing
- Conduct regular interval audits to ensure ISO 27701 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests
5. Training and Awareness
- Provide training on ISO 27701 standards and train employees on data protection laws (DPDP Act 2023), emphasizing their roles and responsibilities as data handlers
- Promote a culture of privacy and data protection within the organization

D. Compliance Management
1. Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701
2. Documentation and Reporting
- Maintain comprehensive records of compliance activity, including audit findings, corrective actions and management reviews
- Prepare and present compliance and quality reports to senior management

E. Continuous Improvement
1. Process Optimization
- Identify opportunities for process improvements across quality, information security and data protection functions
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement
2. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements
- Act as a primary contact for all compliance certification matters, such as those related to quality, information security and data protection

Qualification: Bachelor's degree, relevant certifications (ISO 9001 Lead Auditor, ISO 27001 Lead Auditor, Data Protection Officer)

Experience:
- Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001, for at least 9-11 years
- Last experience, along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years
- Experience in conducting audits and vendor assessments/due diligence with respect to ISMS and data protection as requested by the clients
- Leading all compliance initiatives

Compensation: 14-16 LPA

Timing: 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month

Key Competencies (Functional)
- Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations
- Excellent analytical, problem-solving and decision-making skills
- Strong communication skills with ability to influence and lead cross-functional teams
- Should have excellent presentation skills and should be able to present to senior management
- High attention to detail and strong organizational skills
- Should be able to conduct and manage audits of different business units within the organization
- Should be able to manage vendors and possess good negotiation skills

Posted 1 month ago


6.0 - 8.0 years

6 - 8 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Responsible for Information Security, Governance and Compliance for the IT projects delivered to our customers.
o Conduct end-to-end project reviews and drive quality delivery and adherence to compliance.
o Analyze various data points and work on improvement plans for project delivery.
o Ensure projects adhere to standards such as ISO 27001, 27701 and 22301.
o Report effectively and follow up on actions.

Skills required:
o 6 to 8 years of experience in IT Governance, Risk and Compliance for large-scale organizations.
o Strong conceptual knowledge of / experience in Project Management and Information Security.
o Very good written and oral communication; able to work independently with minimal support.
o Well versed in legacy as well as cutting-edge technologies.
o Experience in certifications such as ISO 27001, 27701 and 22301 is desirable.
o Experience in documentation of processes and policies.
o Experience in Project Management and Solution Architecture is preferred.

Posted 1 month ago


2.0 - 3.0 years

7 - 8 Lacs

Gurugram, Delhi / NCR

Work from Office

A Senior Compliance Executive in a technology department plays a crucial role in ensuring that the organization adheres to various legal, regulatory, and industry-specific standards related to Information Technology and data management such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001.

1. Regulatory Compliance Monitoring:
o Ensure the technology department complies with relevant laws and regulations, such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001 and other data protection or cybersecurity laws.
o Stay updated on new or changing regulations that impact the tech landscape.

2. Policy Development & Enforcement:
o Develop and implement internal policies and procedures to ensure compliance with external regulations and internal standards.
o Regularly review and update policies to ensure they remain aligned with changing regulations and industry best practices.

3. Risk Management:
o Assess risks related to technology operations, particularly data privacy and cybersecurity risks.
o Ensure that the tech department implements appropriate security measures to mitigate potential threats and risks.
o Conduct regular audits and reviews of IT systems to ensure they meet compliance standards.

4. Training & Awareness:
o Educate and train technology teams and other employees on compliance-related matters, such as data security, privacy policies, and risk mitigation strategies.
o Promote awareness of compliance issues, helping staff understand their responsibilities in maintaining compliance.

5. Audit & Reporting:
o Prepare reports for management, regulators, or auditors, demonstrating compliance with relevant regulations and policies.
o Coordinate internal and external audits related to technology compliance.
o Implement corrective actions where necessary to address non-compliance findings.

6. Data Privacy Management:
o Oversee data protection strategies and ensure proper handling of sensitive information, including encryption, access control, and data retention policies.
o Manage consent collection and user privacy preferences in accordance with privacy regulations.

7. Incident Management:
o Oversee the handling of data breaches or other incidents that might affect compliance, ensuring timely reporting and response in accordance with regulatory requirements.
o Coordinate with relevant authorities if there is a need to disclose any breaches or security incidents.

Posted 2 months ago


2 - 3 years

7 - 8 Lacs

Gurugram, Delhi / NCR

Work from Office

A Senior Compliance Executive in a technology department plays a crucial role in ensuring that the organization adheres to various legal, regulatory, and industry-specific standards related to Information Technology and data management such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001.

1. Regulatory Compliance Monitoring:
o Ensure the technology department complies with relevant laws and regulations, such as GDPR, ISO 27001, ISO 27701, SoC2 Type 2, ISO 9001 and other data protection or cybersecurity laws.
o Stay updated on new or changing regulations that impact the tech landscape.

2. Policy Development & Enforcement:
o Develop and implement internal policies and procedures to ensure compliance with external regulations and internal standards.
o Regularly review and update policies to ensure they remain aligned with changing regulations and industry best practices.

3. Risk Management:
o Assess risks related to technology operations, particularly data privacy and cybersecurity risks.
o Ensure that the tech department implements appropriate security measures to mitigate potential threats and risks.
o Conduct regular audits and reviews of IT systems to ensure they meet compliance standards.

4. Training & Awareness:
o Educate and train technology teams and other employees on compliance-related matters, such as data security, privacy policies, and risk mitigation strategies.
o Promote awareness of compliance issues, helping staff understand their responsibilities in maintaining compliance.

5. Audit & Reporting:
o Prepare reports for management, regulators, or auditors, demonstrating compliance with relevant regulations and policies.
o Coordinate internal and external audits related to technology compliance.
o Implement corrective actions where necessary to address non-compliance findings.

6. Data Privacy Management:
o Oversee data protection strategies and ensure proper handling of sensitive information, including encryption, access control, and data retention policies.
o Manage consent collection and user privacy preferences in accordance with privacy regulations.

7. Incident Management:
o Oversee the handling of data breaches or other incidents that might affect compliance, ensuring timely reporting and response in accordance with regulatory requirements.
o Coordinate with relevant authorities if there is a need to disclose any breaches or security incidents.

Posted 2 months ago


8 - 10 years

11 - 21 Lacs

Noida, Mumbai (All Areas)

Work from Office

This role will implement and manage data privacy tools and controls, support compliance with UAE and International data protection laws and promote responsible data governance practices across the groups.

Posted 2 months ago
