Information Security Consultant, ISO 27001, GDPR, Data Privacy, ISO 9001, ISO 20000, IRCA Lead Auditor, expert with Document Management, Policy & Procedure writing and editing expert.
CV jagroop jagpal
Jagroop Singh Jagpal (Jag) 02085816262 / 07902296888 | jagroop@smup.london | LinkedIn
Certified GDPR Practitioner; Lead Auditor Information Security Management (ISO 27001:2013
Certificate Number: 01195562); Lead Auditor in Quality Management (ISO 9001:2015 Certificate
Number: 01195562); IT Service Management (ISO 20000); Design, Implementation; Maintenance;
Auditing; Risk Management; Business Improvement; Business Continuity; Business Change and
Efficiency
Summary
A results-driven Information Security, Quality Management and Data Protection leader equipped with
international recognition as a certified auditor in Information Security Management ISO 27001 and
Quality Management ISO 9001 as well as being a certified GDPR practitioner. I have leveraged analytical
and problem-solving strengths at senior management level, thriving in dynamic, high-pressure
environments. At the forefront of my skillset lies the ability to analyse and streamline systems, operations
and business processes to increase productivity, quality and efficiency.
I am now open to consulting opportunities with large and small organisations across industries and
sectors. In these contexts, I would be a multi-faceted asset, adept at ensuring regulatory compliance,
streamlining operations without losing customer focus, integrating management systems to decrease
costs and formalising internal policies and standards.
Profile
• Certified GDPR Practitioner, project management, implementation, DPIA, Record of Processing –
HR/Marketing, Subject Access Request, policy writing/amendment, advice and training
• Information Security expert, consultant and auditor with multiple implementation experience
• Quality Manager with a strong background in, and thorough understanding of, the project management
process along with ISO 9001:2015
• Risk Management consulting advice and development
• Organised, enthusiastic professional; willing to hear new ideas and go the extra mile to improve
performance
• Possess strong interpersonal skills; able to work effectively with individuals at all levels
• Demonstrated ability to develop and maintain sound employee relations
• Strong problem resolution skills; able to prioritise a broad range of responsibilities efficiently and
effectively
• Worked on international projects in Dubai, France and Ireland
• Catalyst for change, transformation and performance improvement
• Achieved reputation as a resource person, problem solver, trouble-shooter and creative turnaround
manager
Project/Achievements
• Obtaining external certification for ISO 27001, ISO 9001, ISO 20000
• GDPR Transition and Implementation Project x2
• Information Security Implementation
• Development of Audit Management on RSA Archer and ServiceNow
• Development of Risk Management on RSA Archer and ServiceNow
• Relationship Manager for two major six sigma projects involving credit and customer relations
department with a projected first year saving of £2m
• QA Lead on the project management planning of key multi-million-pound contracts across the business:
A5 Project in Ireland – £100m & Cooling the tube - £30m
• Lead for design & roll out of £3m company-wide document management system
• Lead for customer feedback and audit reporting tool
• Information Security Management certification achieved and maintained
• Successfully obtained and renewed ISO certification in ISO 9001, ISO 27001 and ISO 20000
• Established Central Document Management Systems bringing the organisations consistency, clarity
and control in all company documentation
Professional Experience
May 2018 – Current Smup Ltd
Director/Consultant
Self-employed, company director offering services in:
• Design, implementation and maintenance of Information Security, Quality and Service
Management Systems
• Advice on implementing an Integrated Management System
• Advice on business requirements and impact of GDPR
• Internal auditing
• Readiness for external certification audits
• Assistance at client audits
• Supplier audits
• Contract audits
• Project status audits
• Risk management
• Analysis of business processes to recommend business improvement and development
• Design, implementation and maintenance of Document Management System
• Advice on increasing efficiency and reducing cost
May 2019 – Current Harneys LLP (Contract)
Information Risk & Security Consultant
ISO 27001 policy re-write and preparation for external certification audits across international
locations including GDPR implementation including conducting extensive internal audits in order
to uncover potential issues prior to the external audit and the planning for remediation of the audit
findings.
Tailoring the Information Security Management System to fit The Firm to ensure processes are fit-
for-purpose and specific to The Firm and not generic. Creating suitable training and embedding of
the ISMS and GDPR into everyday working life of the employees to ensure that information security
is practised throughout The Firm, reducing information leakage that would adversely affect The
Firm.
Working with department heads and senior managers from Global Partners, Chief Operations
Officer, Chief Technical Officer to the Chief Information Officer, in order to create an understanding
of the ISMS as well as GDPR and other business leading best practices for seamless working and
efficiency to reduce costs and increase assurance in the security of information and reduction of
risk threats while mitigating vulnerabilities.
Developed and transferred audit management, risk management, legal and regulatory lists,
document library, supplier management and business impact assessment from Excel to
ServiceNow.
Since late June I have been fulfilling the role of acting CISO which has increased the strategic
element of the role as well as dealing with incident and event tickets, client questionnaires, setting
the internal audit program, running Senior Management Review meetings, setting ISMS objectives
to ensure the ISMS is running to the needs of The Firm. Managing direct reports who were mostly
technical architects, setting up the structure of the document management system, advising on
Business Continuity Management as well as physical security.
Oct 2018 – Dec 2018 Diktamen (Contract)
ISO 27001 Implementation Consultant
ISO 27001 Implementation from scratch, initially starting with a gap analysis, interviews with Leadership,
following on to creation of documentation, training, auditing planning with preparation for external audit.
Oct 2018 – Oct 2018 telent Technology Services (Contract)
Auditor
ISO 20000 Internal Audit: Preparation of audit checklists in order to allow the internal audit process to
carry out a specific structure achieving better value from the audit. Carrying out internal audit in order to
provide status of the management system offering improvement in order to provide efficiencies in order
to reduce cost. Trained staff during the audit process in how to interact with the external auditor as well
as offered training and guidance to the telent internal auditors.
May 2018 – Oct 2018 Six Degrees Group (Contract)
GDPR Implementation Project Manager/Consultant
Overall Accountability for the GDPR implementation project
Policy Creation: Subject Access Request, DPIA, Legitimate Interests, Privacy Notice, International
Transfer of Personal Data, Security Incident Response
Record of Processing advice and guidance: Organised and hosted workshops with all departments
identifying records containing personal information, advised and coached on how to determine the
correct lawful basis of processing information in order to comply with GDPR requirements
DPIA implementation and advice: Created the documentation, trained on how to complete a DPIA and
completed a mock DPIA
GDPR risk assessment development: Identified and scored risks related to information security
Training development and delivery: Produced and delivered training for staff awareness
Interpreted GDPR jargon into simple language: Used examples relevant to Six Degrees Group
Subject Access Request: Created the documentation, trained on implementation and ran a mock
Subject Access Request exercise to ensure all affected employees knew what to do
Project Management reporting and updates: Created project reporting documentation and chaired the
project review meetings to provide project status
GDPR integration: Integrated GDPR requirements into existing processes e.g. for ISO 27001 to ensure
a streamlined set of documentation and processes were kept simple for the business
GDPR process mapping: Created process maps in order to simplify the understanding of some GDPR
requirements such as the Subject Access Request process making the obligations easier to follow
Document classification: Advised on the correct document classification and labels to apply to
information and how to handle documents with a higher sensitive classification.
Dec 2010 – May 2018 T-Systems Limited
Country Quality Manager
Responsible for maintaining certification for established Integrated Management System:
Integral member of the GDPR Implementation project covering all aspects of GDPR starting with the
Record of Processing to final awareness training. Streamlined the business auditing regime by creating
and maintaining audit schedules based on a risk-based approach, conducting audits touching on financial
performance, business processes, data protection, compliance, ISO standards and suppliers. Reduced
cost of auditing via a simple initiative of remote audits through use of conferencing technology as well
as implementing a risk and audit platform to reduce administration ensuring value of risk and audit
findings.
Initiated continual improvement exercises with the purpose of cost savings and waste reductions, with
key successes in new starter induction, buildings estate waste reduction through better use of space.
Implementation of a group-wide document management framework, including document classification
which ensured clarity and continuity of documentation as well as ensuring documents were easily
identifiable and retrievable which reduced time wasted looking for required documents.
Aug 2010 – Nov 2010 EDF Energy
Quality Assurance Lead
Responsible for implementation of Quality Management System for a Nuclear framework, internal &
supplier auditing for established Nuclear Licensing requirements. Internal Training of understanding to
the Quality and Document Management System
Mar 2010 – Jun 2010 British Gas Business (Contract)
Quality Manager
Responsible for developing and delivering an appropriate BGB QMS framework in accordance with ISO
9001:2008 to ensure costs are reduced and efficiency is increased to supply a better performance to
clients while increasing profits. Mitigation of organisational risks through leading the deployment of
corporate risk management. Improved end-to-end processes and general running of complaints
department to reduce escalation of complaints to ombudsmen level saving costs to a significant level.
Designed the framework of a new Document Management System to have a central place for
documents to avoid obsolete documents and ensure consistency of document style and correct document classification.
Communication link between Top-Management and the business
Dec 2006 – Feb 2010 Mouchel Group Plc
Senior Group Quality Advisor
Maintain and fulfil an internal audit programme across all UK offices via undertaking full system audits
to ensure ISO 9001:2008 registration was maintained due to this being a requirement to bid for work
and maintain existing contracts. Designed and implemented a new non-conformity and audit
management module for use across the business to ensure timely closure of audit actions in a consistent
manner to reduce audit findings going overdue and leading to potential major non-conformities.
Designed and implemented an online document management system to ensure the easier retrieval and
identification of key documentation in order to reduce administration time.
Accreditation/Professional Courses
QA
GDPR Foundation & Certified Practitioner Course
Lloyd’s Register Quality Assurance
Introduction to GDPR
ISO 9001:2015 Lead Auditor Transition
Quality Manager Training Course
ISO 27001:2013 Update and Appreciation Course
ISO 27001 Lead Auditor Conversion Course
ISO 20000 Interpretation & Appreciation Course
ISO 9001:2008 Update and Transfer Course
ISO 9001:2000 Lead Auditor Training Course
ISO 9001:2000 Appreciation Course
ISO 9001:2000 Internal Auditor Training Course
Education
The College of Law – Legal Practice Course
Kingston University - LLB (Hons) – Law
Lampton School – A Levels and GCSEs
Volunteer Work
Working with SGSS Hounslow (local Sikh Temple) as Chair of the Events Committee to plan,
innovate and evolve events including an annual procession through Hounslow which has up to
20,000 people.
Project management of events includes liaisons and influencing of the Executive Committee,
Metropolitan Police, London Fire Brigade, Transport for London, St John’s Ambulance, London
Ambulance Service and London Borough of Hounslow. Chairing the Gold Partners Meetings as
well as training and organising all volunteers.
Part of the SGSS Southall annual procession which is the largest of its kind in Europe with over
100,000 people.