Information Security Auditor

Description :

The Information Security Auditor will work across the organization to ensure Nextivas compliance with global security and privacy regulations.

This will be achieved by establishing strong working relationships with system and control owners and applying knowledge of IT infrastructure to develop security policies and procedures, monitor compliance, and remediation efforts, conduct internal audits, and support external audits.

Monitoring and assessments will include periodic reviews of user access, firewall configuration, and vendors.

The auditor will also perform periodic internal security and privacy compliance audits, document and report gaps and non-conformities and lead remediation efforts with internal teams.

The auditor will support external audits by working with internal teams to collect control evidence and manage the audits to achieve compliance.

Key Responsibilities :

- Assess compliance of the organization to industry standards, security frameworks, and privacy regulations.

- Review and update security and privacy policies and procedures to ensure consistency with new and evolving requirements.

- Plan and conduct internal audits of the design and effectiveness of the organizations security and privacy controls, policies, processes and procedures.

- Document audit findings, identify and report gaps and risks in controls, and lead remediation efforts.

- Support external audits by working with the auditor and internal asset, process, and control owners to gather and submit evidence for compliance.

- Keep up to date with changes in security frameworks, regulatory changes, and commercial requirements that affect the organizations compliance, including all countries where Nextiva provides, or intends to provide, service.

- Work with product development teams, infrastructure, and other parts of the organization to define policies and procedures, implement remediation plans, and monitor compliance.

- Effectively use available AI tools to plan and conduct audits, develop policies and procedures, and document audits.

- Perform other duties to support the security and compliance of the organization as required.

- Comply with organization information security policies.

Qualifications :

- Bachelors degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or IT or information security audit.

- Strong knowledge of IT infrastructure and networking, including data center infrastructure, cloud infrastructure (GCP and AWS), IP networking, firewalls, IDS/IPS and endpoint security tools, backup and recovery, identity and access management, application security, and SIEM tools.

- Understanding of security and privacy frameworks and regulations, including SOC 2, ISO-27001, UK Cyber Essentials, NIST, NIS2, HITRUST, PCI-DSS, HIPAA, GDPR, and CPRA.

- Desired certifications - one or more of the following : CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security .

- Flexibility to work extended hours and off-hours to support global project teams.

Competencies :

- Strong analytical problem-solving skills and attention to detail.

- Organization, Time Management & Prioritization Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner.

- Ability to form productive relationships across the organization to accomplish information security objectives.

- Ability and willingness to learn all aspects of the information security field.

- Professional verbal and written communication skills in English.

- Expresses ideas using clear, effective and efficient language.

- Listens patiently and attentively.

- Adapts to the purpose of communication with appropriate style, substance, detail, confidence and channel.

- Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat.

- Able to assess, document, and prioritize identified security control gaps and vulnerabilities based on risk.

Nextiva DNA (Core Competencies) :

Nextivas most successful team members share common traits and behaviors :

- Drives Results : Action-oriented with a passion for solving problems. They bring clarity and simplicity to ambiguous situations, challenge the status quo, and ask what can be done differently. They lead and drive change, celebrating success to build more success.

- Critical Thinker : Understands the "why" and identifies key drivers, learning from the past. They are fact-based and data-driven, forward-thinking, and see problems a few steps ahead. They provide options, recommendations, and actions, understanding risks and dependencies.

- Right Attitude : They are team-oriented, collaborative, competitive, and hate losing. They are resilient, able to bounce back from setbacks, zoom in and out, and get in the trenches to help solve important problems. They cultivate a culture of service, learning, support, and respect, caring for customers and teams.

Total Rewards :

Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office. Our compensation packages are tailored to each role and candidate's qualifications.

We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses.

- Medical : Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity.

- Group Term & Group Personal Accident Insurance Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means. Coverage Type Employee Only. Sum Insured 3 times of annual CTC with minimum cap of INR 10,00,000. Free Cover Limit 1.5 Crore.

- Work-Life Balance - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays.

- Financial Security Provident Fund & Gratuity.

- Wellness Employee Assistance Program and comprehensive wellness initiatives.

- Growth Access to ongoing learning and development opportunities and career advancement.

At Nextiva, we're committed to supporting our employees' health, well-being, and professional growth. Join us and build a rewarding career

---