IT Security & Data Protection Officer

1. Information Security Management

• Develop, implement, and maintain IT security policies, standards, and procedures
  
• Monitor systems for vulnerabilities, threats, and breaches
  
• Conduct regular security audits, risk assessments, and penetration testing
  
• Assist in conducting ISO27001 audits with internal and external auditors
  
• Experience in breach handling procedures
  
• Working knowledge of India IT act for compliances
  
• Ensure endpoint, network, and cloud security across all platforms
  

2. Data Protection & Privacy Compliance

• Act as the Data Protection Officer (DPO) under applicable laws (e.g., DPDP Act, GDPR where applicable)
  
• Ensure compliance with data protection regulations and donor requirements
  
• Define and implement data inventory, classification, retention, and access policies
  
• Ensure compliance to consent handling and management procedures
  
• Handle data subject requests and privacy -related incidents
  

3. Risk Management & Governance

• Identify and mitigate IT and data security risks across projects and operations
  
• Maintain a IT security framework with focus on risk registers and BIA
  
• Ensure compliance to IT general controls in place
  
• Develop incident response and disaster recovery plans
  
• Maintain risk registers and report to leadership
  

4. Stakeholder & Vendor Management

• Work with internal teams, partners, and vendors to ensure secure data handling
  
• Review third -party contracts for data protection and security clauses
  
• Conduct vendor security assessments
  

5. Awareness & Training

• Conduct regular cybersecurity and data privacy awareness programs for staff
  
• Promote best practices for secure usage of IT systems
  

6. Monitoring & Reporting

• Track and report security incidents, compliance status, and KPIs
  
• Prepare periodic reports for leadership and audits
  

Requirements

Required Qualifications

• Bachelor’s/Master’s degree in Computer Science, Information Security, or related field
  
• Certifications preferred: CISSP, CISA, CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent
  

Experience

• 5–10 years of experience in IT security, cybersecurity, or data protection
  
• Experience in NGO / social sector / large distributed environments is a plus
  
• Familiarity with cloud platforms (AWS/Azure/Google Cloud)
  

Key Skills

• Strong understanding of cybersecurity frameworks (ISO 27001, NIST, etc.)
  
• Knowledge of data protection laws (DPDP Act, GDPR basics)
  
• Risk assessment and incident response expertise
  
• Vendor risk management
  
• Excellent communication and stakeholder management
  

Preferred Attributes

• Ability to work in a mission -driven, resource -constrained environment
  
• High ethical standards and integrity
  
• Problem -solving mindset with attention to detail