Security Compliance Officer

Vadodara The Security Compliance Officer (SCO) is responsible for ensuring that the organization is compliant with all relevant security and privacy regulations, standards, and policies. They will develop and implement compliance programs, policies, and procedures to minimize the risk of data breaches and ensure that the organization's IT systems are secure. **Key Responsibilities**: - Develop and implement a comprehensive security compliance program that aligns with industry standards and best practices. - Ensure compliance with regulations such as HIPAA, PHI, COPPA, GDPR, and PCI-DSS. - Conduct regular risk assessments to identify potential security threats and vulnerabilities. - Develop and implement policies and procedures to prevent security breaches and minimize the impact of incidents. - Provide guidance and training to staff on security compliance matters. - Monitor compliance with security policies and procedures and take corrective action where necessary. - Investigate and respond to security incidents, including breaches and incidents involving malware, phishing, and other cyber threats. - Work closely with IT teams to ensure that security controls are in place, and any issues are addressed promptly. - Ensure that security compliance metrics are collected and reported to management. - Stay up to date on security regulations and standards: The SCO must stay up to date with industry and regulatory security standards and ensure that the organization is complying with all applicable regulations, such as HIPAA, PHI, COPPA, GDPR, and PCI-DSS. - Manage security incidents: The SCO must develop and implement procedures for managing security incidents, including response, investigation, and resolution. - Conduct security training and awareness: The SCO must educate employees on the importance of security and provide training on security policies and procedures. This includes conducting regular security awareness training and developing a culture of security within the organization. - Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations. - Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed - Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact - Manage, monitor and track third party compliance to the Third-Party Risk Management Program **Requirements**: - Bachelor's degree in computer science, Information Security, or related field. - At least 5 years of experience in information security and compliance. - Knowledge of security and privacy regulations such as HIPAA, GDPR, and PCI-DSS. - Strong understanding of security technologies and controls, including firewalls, intrusion detection and prevention systems, and security incident and event management (SIEM). - Excellent communication and interpersonal skills, including the ability to communicate complex technical concepts to non-technical stakeholders. - Attention to detail and the ability to work independently. - Relevant security certifications such as CISSP, CISA, or CISM are highly desirable. **Desired Skills**: - Application Security - Network Security - Database Security - Information Security - Best Practices - Data security practices and procedures - Databases and Operating systems - Secure coding principles - Cyber security risk management concepts