Information Security & Privacy Consultant

Company Description

The Bosch Group is a leading global supplier of technology and services. It employs roughly 429,000 associates worldwide (as of December 31, 2023). The company generated sales of 91.6 billion euros in 2023. Its operations are divided into four business sectors: Mobility, Industrial Technology, Consumer Goods, and Energy and Building Technology. With its business activities, the company aims to use technology to help shape universal trends such as automation, electrification, digitalization, connectivity, and an orientation to sustainability. In this context, Bosch’s broad footprint across industries and regions strengthens its innovativeness and robustness. Bosch uses its proven expertise in sensor technology, software, and services to offer customers cross-domain solutions from a single source. It also applies its expertise in connectivity and artificial intelligence to develop and manufacture user-friendly, sustainable products. With technology that is “Invented for life,” Bosch wants to help improve quality of life and conserve natural resources. Read more at https://www.bosch.com/company/#what-we-do

Bosch Global Software Technologies Private Limited (BGSW) is a 100% owned subsidiary of Robert Bosch GmbH. We are one of the world’s leading global suppliers of technology and services, offering end-to-end Engineering, IT, and Business Solutions. With a global footprint and presence in US, Europe, Japan, China, and the Asia Pacific region, we are at the forefront of designing, developing, and executing IoT ecosystems through our all-encompassing capability within the 3 aspects of IoT – Sensors, Software, and Services. We have always focused on improving the quality of the life of people, providing newer revenue-generating opportunities, and improving operational efficiencies for enterprises through an array of solutions. With our unique ability to offer end-to-end solutions that connect Sensors, Software, and Services, we enable businesses to move from the traditional to digital, or improve businesses by introducing a digital element in their products and processes. Learn more at https://www.bosch-softwaretechnologies.com/en/our-company/about-us/

Job Description

This role is of a Senior Information Security & Privacy consultant. Bare minimum responsibilities as follows:

Stakeholder Management

• Undertaking business travels across India to assigned Bosch entities for audits, awareness etc.

Governance:

• Handling Governance risk and compliance requirement for assigned legal entity
• Handling compliance requirements of Bosch Central Directive CD 2900 / ISO 27001:2022 Identifying information security, data protection (ISP) risks and reporting to customer management
• Functional guidance to Data Security Partners (DSP) on Information Security and Privacy topics· Audit planning, mentoring, checking the status of completion, provide consultancy on ISP topics

Awareness:

• Creating awareness content and conduction awareness for target audience across hierarchy

Assurance

• Performing Audits. Planning and conducting different types of Information Security and Data protection audits as per Bosch internal and ISO 27001 Standard.· E.g. Privacy audits, Extended risk-based audits, Project audits, process audits, IT security in manufacturing audits

Advisory

• Providing consultancy on Data privacy topics – privacy by design requirements
• Identifying control requirements from Central Directives, NISPR (National ISP regulations) and translating requirements to implementation level
• Privacy principles, (GDPR, Data protection law in India)
• Cloud on-boarding solutions
• Data privacy topics -during application development, Privacy contract review➢ Participation in Quality Gates - providing review and feedback➢ IT systems - security review as per Bosch Central Directives➢ Supporting enterprise applications development as per EISA (Enterprise Information Security Architecture) as per Bosch Central Directive
• Other soft skills required - Good communication & presentation skills

Qualifications

• Fulltime BE/ B.Tech in any discipline.
• 10 – 15 years of post qualification experience in Information Security and Privacy, preferably CISSP, CISA certification status
• Experience in working in Manufacturing industry -an added advantage
• ISO 27001 Lead Auditor certified. ISO 27001:2022 (Implementation experience)
• Personal Data Protection implementation (e.g. EU-GDPR or any other country regulations)