Information Security Consultant / Security & Compliance Advisor – India-Based
Worldwide
# Information Security Consultant / Security & Compliance Advisor – India-Based ## Summary We are a growing AI, SAP, and IT consulting organization with operations in India and international clients. We are looking for an **India-based Information Security Consultant / Security & Compliance Advisor** to assess our current security posture and help us implement practical, affordable, and scalable security controls. This is **not a high-budget US/Canada vCISO engagement**. We are specifically looking for a hands-on consultant based in India who understands Indian IT services companies, delivery teams, employee controls, source code protection, client data security, cloud security, DLP, and practical compliance needs. Preference will be given to consultants located in **Noida, Delhi NCR, Pune, Hyderabad, Bangalore, Chennai, or other major Indian technology hubs**. --- ## Engagement Type * Part-time consultant * Project-based security assessment * Potential ongoing monthly advisory retainer * Remote, with availability during India business hours * India-based consultants only * Fees to be quoted in INR --- ## Budget Expectation We are looking for practical and reasonable India-market pricing. Please provide either: * Fixed project fee in INR, or * Hourly / monthly advisory rate in INR Proposals quoted at US, Canada, or enterprise global consulting rates may not be considered. --- ## About the Organization We are a rapidly growing AI, SAP, software development, and IT consulting company serving enterprise clients. As we scale, we want to strengthen our security controls around: * Employee access * Source code protection * Client data protection * Cloud infrastructure * AI tool usage * DLP * Backup security * Remote work security * Contractor controls * Security policies and governance We need a consultant who can identify risks, challenge weak practices, and give clear, practical recommendations that can actually be implemented in an Indian IT services environment. --- ## Key Objectives The consultant will help us: * Assess our current security posture * Identify practical security gaps * Protect source code and intellectual property * Reduce employee and insider-risk exposure * Strengthen DLP controls * Improve cloud and SaaS security * Secure backup and recovery processes * Build practical security policies * Prepare for future client security reviews * Improve awareness and accountability across teams --- ## Scope of Work ### 1. Security Assessment & Risk Review The consultant should review current practices and identify gaps across: * Security governance * Employee access controls * Client data handling * Source code access * Cloud security * SaaS usage * AI tool usage * Device and endpoint controls * Backup and disaster recovery * Incident response readiness * Vendor and contractor access Expected output: * Security Risk Assessment Report * Gap Analysis * Risk Register * Priority-wise Remediation Roadmap --- ### 2. Data Loss Prevention and Insider Risk Review and recommend controls for: * Unauthorized file downloads * External storage devices * Personal email usage * Personal Google Drive / Dropbox / OneDrive usage * Source code copying * Client data sharing * Screenshots and document leakage * AI tools such as ChatGPT, Copilot, Claude, Gemini, etc. * Email forwarding * Document sharing permissions * Employee exit risk * Contractor access risk Expected output: * DLP Strategy * Insider Risk Control Recommendations * AI Usage and Data Protection Guidelines --- ### 3. Source Code and Intellectual Property Protection Review and recommend controls for: * GitHub / GitLab / Bitbucket access * Repository permissions * Branch protection * Admin access controls * Developer access review * Code download restrictions where practical * Secrets management * Credential leakage prevention * Secure development standards * Offboarding controls for developers * Contractor code access controls Expected output: * Source Code Protection Framework * Developer Access Governance Recommendations * Secure Development Policy Outline --- ### 4. Cloud and SaaS Security Review Review security controls across cloud and SaaS platforms such as: * AWS * Azure * Google Cloud * GitHub / GitLab * Google Workspace / Microsoft 365 * Jira / project tools * HR / payroll / finance tools * Client delivery tools Areas of focus: * IAM * MFA enforcement * Privileged access * Admin accounts * Logging and monitoring * Security alerts * Encryption * Backup security * Access reviews * Configuration risks Expected output: * Cloud Security Recommendations * SaaS Access Control Review * Privileged Access Control Recommendations --- ### 5. Backup, Recovery and Business Continuity Review and recommend improvements for: * Backup process * Backup access controls * Backup encryption * Ransomware resilience * Recovery testing * RPO / RTO expectations * Critical system recovery planning * Client data recovery process Expected output: * Backup and Recovery Review * Disaster Recovery Improvement Plan * Business Continuity Recommendations --- ### 6. Employee Security Controls Review and recommend controls for: * Employee onboarding * Employee offboarding * Device management * Remote work security * Password policies * MFA * Access approvals * Access reviews * Contractor access * Vendor access * Security awareness training * Acceptable use expectations Expected output: * Employee Security Control Framework * Access Management Recommendations * Offboarding Security Checklist --- ### 7. Security Policies and Governance Help create or improve practical policies such as: * Information Security Policy * Data Protection Policy * Access Control Policy * Password Policy * Remote Work Policy * Incident Response Plan * Vendor Security Policy * Business Continuity Plan * Acceptable Use Policy * Secure Development Policy * AI Usage Policy * Source Code Protection Policy * Backup and Recovery Policy Expected output: * Security Policy Framework * Priority Policy List * Draft Policy Templates or Outlines --- ## Deliverables ### Phase 1 – Assessment * Security Risk Assessment Report * Security Gap Analysis * Risk Register * Top Security Risks Summary * Prioritized Remediation Roadmap ### Phase 2 – Security Framework * DLP Strategy * Source Code Protection Framework * Cloud Security Recommendations * Backup and Recovery Review * AI Usage and Data Protection Guidelines * Security Policy Framework ### Phase 3 – Governance * Executive Security Dashboard * Security Governance Model * Security Metrics and Reporting Framework * Ongoing Advisory Recommendations --- ## Preferred Experience We prefer consultants with experience in: * Indian IT services companies * SAP consulting companies * Software development companies * SaaS / technology companies * Managed services organizations * ISO 27001 implementation or audit support * Client security review preparation * Internal security audits * DLP implementation * Cloud security reviews * Source code protection * Employee access governance Experience with any of the following is useful: * ISO 27001 * SOC 2 * NIST Cybersecurity Framework * CIS Controls * OWASP * ITGC * Cloud Security Best Practices * Data Protection and Privacy Controls --- ## Ideal Candidate The right consultant should be: * Based in India * Practical and hands-on * Cost-conscious * Comfortable working with Indian delivery teams * Able to explain risks clearly to management * Able to create simple, enforceable policies * Strong in security governance and operations * Experienced with cloud, SaaS, source code, and DLP controls * Comfortable challenging weak practices * Focused on implementation, not only theory We are not looking for only a PowerPoint advisor. We need someone who can identify real risks and help us implement workable controls. --- ## Success Criteria The engagement will be successful if we are able to: * Identify top security risks clearly * Improve protection of source code and client data * Reduce employee and insider-risk exposure * Strengthen cloud and SaaS access controls * Establish practical DLP controls * Improve backup and recovery readiness * Implement basic security governance * Create usable security policies * Prepare for future enterprise client security reviews * Build a stronger security-first culture --- ## Proposal Requirements Please include the following in your proposal: 1. Confirm that you are based in India. 2. Mention your city and working timezone. 3. Quote your fee in INR. 4. Specify whether your quote is hourly, monthly, or fixed project-based. 5. Share relevant security consulting experience. 6. Mention experience with Indian IT / software / consulting companies. 7. List certifications, if any. 8. Share examples of similar engagements. 9. Mention frameworks you have worked with: ISO 27001, SOC 2, NIST, CIS, OWASP, etc. 10. Explain your assessment approach. 11. Share expected timeline for Phase 1 assessment. 12. Share sample deliverables, redacted if necessary. 13. Confirm availability for calls during India business hours. --- ## Screening Questions Please answer these questions clearly: 1. Are you currently based in India? 2. Which city are you located in? 3. What is your expected fee in INR? 4. Have you worked with Indian IT services, SAP, software, or SaaS companies? 5. Have you created or reviewed DLP policies? 6. Have you reviewed GitHub, GitLab, or source code access controls? 7. Have you reviewed AWS, Azure, Google Cloud, or SaaS security? 8. Have you helped companies prepare for ISO 27001, SOC 2, or client security audits? 9. Can you provide practical templates and implementation steps, not just reports? 10. Are you available for ongoing monthly advisory support if needed? --- ## Important Note This role is intended for an India-based consultant with practical security experience and India-market pricing. We are not looking for US, Canada, or global enterprise consulting rates. Please apply only if you can provide hands-on, practical, affordable, and implementation-focused security guidance suitable for a growing Indian technology consulting company.
- Less than 30 hrs/weekHourly
- < 1 monthDuration
- Entry levelExperience Level
- Remote Job
- One-time projectProject Type
Skills and Expertise
Activity on this job
- Proposals:5 to 10
- Last viewed by client:3 weeks ago
- Interviewing:0
- Invites sent:0
- Unanswered invites:0
About the client
- India10:15 PM
- Tech & ITLarge company (100-1,000 people)
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by