InfoTech / Hospitality [ Remote ]

3 Months

Information Security Policy Framework & Compliance Alignment for European Hospitality Player

CLIENT:
A Global Consulting firm
CONSULTANT:
He is an accomplished Information Security and IT Governance expert with over 23 years of experience leading digital transformation initiatives across global enterprises. As Founder and Principal Consultant at TransCon Services & Technologies and SecureKal, he has successfully delivered over 50 cybersecurity and data privacy projects across 13 industries and 4 continents. His expertise spans IT Governance, Risk and Compliance, Data Security, Privacy Management, and Application Security, enabling organizations to achieve regulatory compliance with GDPR, ISO 27001, RBI, and SEBI frameworks. A certified CISA, ISO 27001 Lead Auditor & Implementer, and GDPR Practitioner, he has designed enterprise-wide information security architectures, implemented secure IT infrastructures, and advised clients as a Virtual CISO. Recognized as a NEXT100 CIO awardee, he is also a sought-after speaker at cybersecurity forums, known for his strategic leadership in aligning technology, governance, and risk management with business goals.
ASSIGNMENT:
Objective: Assess the organization’s current security and compliance posture (CIS 18, GDPR) and develop a comprehensive Information Security Policy Framework.
Discovery Phase (1A): Establish baseline understanding of existing security posture, business drivers, and compliance maturity.
Document Review: Examine current IT/security policies, asset registers, compliance reports, and audit findings.
Risk Assessment: Conduct workshops with key stakeholders (CISO, DPO, Finance Lead) and develop a detailed Risk Register.
Control Mapping: Align identified risks with CIS 18 controls, GDPR obligations, and upcoming internal financial control frameworks.
Policy Development (1B): Draft an overarching Information Security Policy Framework and seven sub-policies (IR, Data Protection, AUP, Access Control, Third-Party Mgmt, Training, BYOD).
Compliance Alignment: Ensure all policies reference ISO 27001 clauses, CIS controls, and GDPR principles in clear, business-friendly language.
Review & Governance (1C): Conduct executive workshops, define review cycles, establish governance oversight, and finalize policies for adoption.
Implementation Readiness: Deliver an Implementation Playbook, Awareness & Training Plan, and Communication Materials to support rollout and ownership.
OUTCOME:
1. Risk Assessment & Findings Report – Current State in a Maturity Framework
2. Risk Register with Risks, Prioritization, Controls, and Owners
3. Overarching Information Security Policy Framework
4. Seven Sub-Policies, reviewed, refined, and approved by stakeholders
5. Approved Policy Suite and Governance Framework outlining roles, responsibilities, and decision-making mechanisms
6. Implementation Readiness Plan