IT Security & Data Protection Officer
1. Information Security Management<\/span>
<\/h3>- Develop, implement, and maintain IT security policies, standards, and procedures<\/span>
<\/li>- Monitor systems for vulnerabilities, threats, and breaches<\/span>
<\/li>- Conduct regular security audits, risk assessments, and penetration testing<\/span>
<\/li>- Assist in conducting ISO27001 audits with internal and external auditors<\/span>
<\/li>- Experience in breach handling procedures<\/span>
<\/li>- Working knowledge of India IT act for compliances<\/span>
<\/li>- Ensure endpoint, network, and cloud security across all platforms<\/span>
<\/li><\/ul>2. Data Protection & Privacy Compliance<\/span>
<\/h3>- Act as the <\/span>Data Protection Officer (DPO)<\/b> <\/span>under applicable laws (e.g., DPDP Act, GDPR where applicable)<\/span>
<\/li>- Ensure compliance with data protection regulations and donor requirements<\/span>
<\/li>- Define and implement data <\/span><\/span>inventory, <\/span>classification, retention, and access policies<\/span><\/span>
<\/li>- Ensure compliance to consent handling and management procedures<\/span>
<\/li>- Handle data subject requests and privacy\-related incidents<\/span>
<\/li><\/ul>3. Risk Management & Governance<\/span>
<\/h3>- Identify and mitigate IT and data security risks across projects and operations<\/span>
<\/li>- Maintain a IT security framework with focus on risk registers and BIA<\/span>
<\/li>- Ensure compliance to IT general controls in place<\/span>
<\/li>- Develop incident response and disaster recovery plans<\/span>
<\/li>- Maintain risk registers and report to leadership<\/span>
<\/li><\/ul>4. Stakeholder & Vendor Management<\/span>
<\/h3>- Work with internal teams, partners, and vendors to ensure secure data handling<\/span>
<\/li>- Review third\-party contracts for data protection and security clauses<\/span>
<\/li>- Conduct vendor security assessments<\/span>
<\/li><\/ul>5. Awareness & Training<\/span>
<\/h3>- Conduct regular cybersecurity and data privacy awareness programs for staff<\/span>
<\/li>- Promote best practices for secure usage of IT systems<\/span>
<\/li><\/ul>6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li>
<\/li>
<\/li>
<\/li>
<\/li>
<\/li><\/ul>
2. Data Protection & Privacy Compliance<\/span>
<\/h3>- Act as the <\/span>Data Protection Officer (DPO)<\/b> <\/span>under applicable laws (e.g., DPDP Act, GDPR where applicable)<\/span>
<\/li>- Ensure compliance with data protection regulations and donor requirements<\/span>
<\/li>- Define and implement data <\/span><\/span>inventory, <\/span>classification, retention, and access policies<\/span><\/span>
<\/li>- Ensure compliance to consent handling and management procedures<\/span>
<\/li>- Handle data subject requests and privacy\-related incidents<\/span>
<\/li><\/ul>3. Risk Management & Governance<\/span>
<\/h3>- Identify and mitigate IT and data security risks across projects and operations<\/span>
<\/li>- Maintain a IT security framework with focus on risk registers and BIA<\/span>
<\/li>- Ensure compliance to IT general controls in place<\/span>
<\/li>- Develop incident response and disaster recovery plans<\/span>
<\/li>- Maintain risk registers and report to leadership<\/span>
<\/li><\/ul>4. Stakeholder & Vendor Management<\/span>
<\/h3>- Work with internal teams, partners, and vendors to ensure secure data handling<\/span>
<\/li>- Review third\-party contracts for data protection and security clauses<\/span>
<\/li>- Conduct vendor security assessments<\/span>
<\/li><\/ul>5. Awareness & Training<\/span>
<\/h3>- Conduct regular cybersecurity and data privacy awareness programs for staff<\/span>
<\/li>- Promote best practices for secure usage of IT systems<\/span>
<\/li><\/ul>6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li>
<\/li>
<\/li>
<\/li><\/ul>
3. Risk Management & Governance<\/span>
<\/h3>- Identify and mitigate IT and data security risks across projects and operations<\/span>
<\/li>- Maintain a IT security framework with focus on risk registers and BIA<\/span>
<\/li>- Ensure compliance to IT general controls in place<\/span>
<\/li>- Develop incident response and disaster recovery plans<\/span>
<\/li>- Maintain risk registers and report to leadership<\/span>
<\/li><\/ul>4. Stakeholder & Vendor Management<\/span>
<\/h3>- Work with internal teams, partners, and vendors to ensure secure data handling<\/span>
<\/li>- Review third\-party contracts for data protection and security clauses<\/span>
<\/li>- Conduct vendor security assessments<\/span>
<\/li><\/ul>5. Awareness & Training<\/span>
<\/h3>- Conduct regular cybersecurity and data privacy awareness programs for staff<\/span>
<\/li>- Promote best practices for secure usage of IT systems<\/span>
<\/li><\/ul>6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li>
<\/li>
<\/li>
<\/li><\/ul>
4. Stakeholder & Vendor Management<\/span>
<\/h3>- Work with internal teams, partners, and vendors to ensure secure data handling<\/span>
<\/li>- Review third\-party contracts for data protection and security clauses<\/span>
<\/li>- Conduct vendor security assessments<\/span>
<\/li><\/ul>5. Awareness & Training<\/span>
<\/h3>- Conduct regular cybersecurity and data privacy awareness programs for staff<\/span>
<\/li>- Promote best practices for secure usage of IT systems<\/span>
<\/li><\/ul>6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li>
<\/li><\/ul>
5. Awareness & Training<\/span>
<\/h3>- Conduct regular cybersecurity and data privacy awareness programs for staff<\/span>
<\/li>- Promote best practices for secure usage of IT systems<\/span>
<\/li><\/ul>6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li><\/ul>
6. Monitoring & Reporting<\/span>
<\/h3>- Track and report security incidents, compliance status, and KPIs<\/span>
<\/li>- Prepare periodic reports for leadership and audits<\/span>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/li>
<\/li><\/ul>
<\/div><\/span>
Requirements<\/h3>Required Qualifications<\/span>
<\/h2>- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span>
<\/h2>
- Bachelor\u2019s/Master\u2019s degree in Computer Science, Information Security, or related field<\/span>
<\/li>- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>
<\/li><\/ul>Experience<\/span>
<\/h2>- 5\u201310 years<\/span><\/b> <\/span>of experience in IT security, cybersecurity, or data protection<\/span>
<\/li>- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
<\/li>- Familiarity with cloud platforms (AWS/Azure/Google Cloud)<\/span>
<\/li><\/ul>Key Skills<\/span>
<\/h2>- Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)<\/span>
<\/li>- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
<\/li>- Risk assessment and incident response expertise<\/span>
<\/li>- Vendor risk management<\/span>
<\/li>- Excellent communication and stakeholder management<\/span>
<\/li><\/ul>Preferred Attributes<\/span>
<\/h2>- Ability to work in a mission\-driven, resource\-constrained environment<\/span>
<\/li>- High ethical standards and integrity<\/span>
<\/li>- Problem\-solving mindset with attention to detail<\/span>
<\/li><\/ul>
<\/div><\/span> - High ethical standards and integrity<\/span>
- Knowledge of data protection laws (DPDP Act, GDPR basics)<\/span>
- Experience in <\/span>NGO / social sector / large distributed environments<\/b> <\/span>is a plus<\/span>
- Certifications preferred: <\/span>CISSP,<\/b><\/span> <\/span>CISA, <\/span>CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent<\/span><\/span><\/b>