Senior manager Infosec and compliance

Senior Manager (Compliance, Information Security)

Designation/ Role:

Compliance – Senior Manager

Experience:

12 to 15 years of experience in Compliance, Information Security and BCM Domains

Department:

Compliance & Information Security

Work Timing:

9 hours/day; 5 days a week flexible shift timing between 10 am to 12 am IST. Should be ready to work as per US/UK shift timings as and when needed.

Qualifications:

Graduate / B.E. 

Professional Certifications:

ISO27001 Lead Auditor/PCI DSS/CEH-EC council/CISA.  

Key Skills:

ISO 27001:2022 (ISMS), HIPAA, SOC 2 Type II, HITRUST, PCI DSS, VAPT and Cyber Security Assessments, Vulnerability Management, Third-party Risk management, Creating New Policies/SOPs, Filling the client questionnaire, Dark Web Monitoring, and Attack Surface Monitoring.

Experience

• Mandatory
• Expertise working with ISO 27001:2022, PCI DSS Certifications and HIPAA Assessments.
• Internal and External audit experience of ISO standards ISO 27001.
• Sound knowledge and audit experience of HIPAA compliance and HITRUST requirements.
• Good hands-on experience in VAPT, Vulnerability management, Dark Web Monitoring, Attack Surface Monitoring, and cyber security management.
• Should have hands-on experience in responding to Client's RFP questionnaires/documents and performing Third-party Risk Management.
• Should have hands-on experience working on SOC 2 Type II/ HITRUST/PCI DSS certification requirements.
• Good knowledge of basic ITGC controls/Information Security.
• Good written and verbal communication skills.
• Experience in coordinating with vendors, external auditors and internal stakeholders for different compliance and information security tasks.
• Experience in handling cybersecurity audits/assessments.

• 12+years of relevant experience in the same field.

• Desired

• Certified Lead Auditor for ISMS and Certified PCI DSS implementer.

Job Summary:

Compliance and Information Security Senior Manager will be a part of the core compliance team and will help drive, manage, implement, and evaluate the certification and compliance standards is certified for i.e., ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, Cyber Security Assessments, Dark Web Monitoring, Attack Surface Monitoring, VAPT Assessment, Third-Party Vendor Management, and Filling up of client security questionnaires/RFP documents.

Duties and responsibilities:

• Communicate with internal and external stakeholders for all compliance related activities.
• Participate in Compliance audit programs both internal and external for ISO, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, Cyber Security assessments, etc., as and when needed.
• Develop and review company policies and procedures, handle training programs and monitor compliance related matters.
• Educate stakeholders to implement corrective actions.
• Ensure corrective actions have been implemented for all identified compliance deficiencies.
• Promote awareness related to privacy, and security and enforce compliance across the enterprise.
• Support Implement and manage compliance programs effectively.
• Report MR/CISO/Management about the status of compliance and information security in the organization through detailed reports.
• Create, manage, and track effective action plans in response to audit observations and compliance violations.
• Manage and perform internal audits to identify possible weaknesses or risks to the company's information security management system.
• Perform additional audits as and when required.
• Assess the organization's processes to determine the compliance risk and formulate necessary risk mitigation plans.
• Ensure all employees are aware of their compliance responsibilities.
• Working with the vendors and external auditors on all audits and assessments related tasks and ensuring to close the loop with them.
• Work with the vendors in performing the third-party audits based on the frequency.
• Handling Dark Web Monitoring / Attack Surface Monitoring tools and ensuring to mitigate the risks for the organization.
• Work with internal stakeholders in filling up the client questionnaires and RFP documents for submitting them timely.
• Ensure to send awareness mailers to users.
• Experience in handling Phishing Simulation campaigns across the organization.