About Us 

At House Of Diagnostics, safeguarding our infrastructure and protecting our users' data is our highest priority. We are looking for a highly skilled Data Protection & Cybersecurity Officer to drive our network security strategy while ensuring strict adherence to the new Digital Personal Data Protection (DPDP) Act, 2023. In this hybrid role, you will act as the primary guardian of our network perimeter, identity governance, and data privacy operations. 

Role Overview 

As our Lead Data Protection & Cybersecurity Officer, you will sit at the critical intersection of IT Operations, Cybersecurity, and Data Privacy. You will be responsible for enforcing robust Identity and Access Management (IAM) protocols, conducting rigorous network audits, and leading our incident response efforts. Furthermore, you will act as our internal champion for DPDP Act compliance, maintaining our Records of Processing Activities (ROPA) and ensuring our data workflows are mapped, secure, and legally compliant. 

Key Responsibilities 

Access Control & Identity Governance 

• Access Lifecycle Management: Manage the end-to-end user access lifecycle, including provisioning, modification, and de-provisioning. 
• Policy Implementation: Implement, enforce, and strictly monitor Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) policies. 
• Access Reviews & SoD: Conduct periodic user access reviews and ensure proper Segregation of Duties (SoD) across systems. 
• Audit Trails: Maintain comprehensive access logs and audit trails for compliance reporting. 

ROPA & DPDP Compliance 

• ROPA Maintenance: Maintain and regularly updates the organization's Records of Processing Activities (ROPA). 
• Data Mapping: Ensure rigorous data classification and accurate mapping of personal data flows across the network. 
• Privacy by Design: Champion data minimization and purpose limitation practices across all IT projects. 
• System Verification: Conduct system base verification to ensure only authorized systems and personnel process personal data. 
• DPDP Act (2023) Enforcement: Ensure full compliance with India's DPDP Act, specifically focusing on: 
• Implementing technical data security safeguards. 
• Enforcing access restrictions on PII/sensitive data. 
• Supporting breach reporting mechanisms. 
• Coordinating vendor security reviews and third-party risk assessments. 

Periodic Network Audit & Security Review 

• Routine Audits: Conduct comprehensive quarterly and half-yearly network and firewall audits. 
• Vulnerability Management: Perform vulnerability assessments and configuration reviews across cloud and on-premise infrastructure. 
• Baseline Validation: Validate system baseline configurations, focusing on OS hardening and patch compliance. 
• Remediation: Identify security gaps, recommend remediation strategies, and track them to closure. 
• Reporting: Prepare detailed audit reports for senior management and compliance teams. 

Monitoring, Incident Response & Reporting 

• Threat Monitoring: Actively monitor network and cloud environments utilizing SIEM and log monitoring tools. 
• Incident Response: Lead the investigation and rapid response to potential security incidents and breaches. 
• Root Cause Analysis (RCA): Perform thorough RCA and develop actionable corrective action plans post-incident. 
• Documentation: Maintain meticulous documentation, playbooks, and compliance records. 

Qualifications & Skills 

• Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. 
• Experience: 3–5+ years of hands-on experience in Network Engineering, Security Engineering, or IT Governance. 
• Core Technical Skills: Strong working knowledge of VLANs, Aruba firewalls, AWS networking, IAM, and access governance. 
• Compliance Expertise: Deep understanding of data protection frameworks (especially the DPDP Act, 2023) and IT audit processes. 
• Bonus Certifications: Certifications such as CISM, CISA, CISSP, or CDPSE are highly advantageous. 

Why Join Us? 

• Play a foundational role in shaping our security and privacy posture. 
• Work in a dynamic environment that values both technical excellence and regulatory integrity.