Location: Bengaluru
Position Summary:
The Security Compliance Specialist is responsible for managing all compliance-related activities within the Whatfix platform and supporting other global compliance initiatives. Compliance activities include coordinating internal and external assessments/audits, contributing to policy and standards updates, developing the compliance framework, and producing compliance reports, metrics, scorecards and dashboards. This position requires some technical background with appropriate security training/skills.
Responsibilities:
Lead, manage and improve the security compliance program for Whatfix
Coordinate external audits and customer assessments of the Whatfix platform
Develop compliance strategy in alignment with business requirements, objectives and metrics
Translate legal, statutory and contractual obligations into a cohesive collection of processes and provide the respective stakeholders with the compliance requirements and methodologies
Interface with management and partner with groups such as Engineering, Operations and Customer Success on how best to improve security compliance and reduce risk
Use key business measurements to identify and drive process improvement opportunities for compliance and risk management
Review and update security policies and standards on a regular basis to address new threats, new industry practices, and new security and compliance requirements and standards
Coordinate regular system and network audits, reviews, and tests to verify compliance with security policies and standards
Conduct and/or interpret network, system and application audits/assessments and track findings through to remediation
Monitor internal and external security advisories that impact security, risk and compliance requirements
Support the implementation of security controls and recommend areas for risk reduction
Support the RFP and contractual agreement process by assessing security requirements from potential customers
Develop and enhance an information security, risk and compliance management framework based on COBIT/Risk IT, NIST, ISO and CSA CCM/STAR, FedRAMP
Manage updates to the external and internal security portals
Assist with and improve the security awareness program
Assist with and improve governance activities
Evaluate suspected security breaches, work with subject matter experts, and recommend corrective actions
Skills and Experience Required:
At least 6-8+ years of experience in information security, compliance, audit and/or risk management
End-to-end security experience including web, application, network, OS and database
Knowledge of security issues, trends and best practices
Familiarity with audit, business and segregation-of-duties risks and controls
Ability to foresee risks and identify mitigation strategies for them
Mandatory: knowledge of at least two security industry standards such as SSAE 18/SOC 2, ISO 27001, PCI DSS, NIST, CSA CCM/STAR and FedRAMP
Working knowledge of one or more privacy laws such as GLBA, HIPAA, GDPR and CCPA is important
Excellent communication and presentation skills
Ability to communicate well upward to line management and also to motivate technical teams
Ability to work autonomously with flexibility and excellent judgment
Ability to work effectively under pressure to meet deadlines
Ability to solve problems quickly and automate processes
Ability to work cooperatively as part of a team
Education:
Bachelor's degree in computer science, information technology or another related major required
ISO 27001 Internal Auditor
CISM/CISA