Compliance Analyst

The Analyst-Compliance officer's role is to ensure the secure operation of the Sakon information

assets in accordance with our internal processes, procedures, and compliance requirements as

per the relevant ISO standards, regulatory frameworks applicable to Sakon and industry best

practices.

Responsibilities:

Establish and implement practices for Information Security aligned to Cyber

Security Frameworks such as International Organization for Standardization (ISO)

2700X, National Institute of Standards and Technology (NIST) 800-53, Payment

Card Industry Data Security Standard (PCI DSS), AICPA Trust Services Principles

and Criteria (SOC).

• Develop, implement, and maintain the organization’s security architecture to

provide an effective platform to protect the organization’s assets.

• Perform security reviews and compliance testing to ensure adherence to adopted

security and governance frameworks.

• Conduct gap assessments against security and privacy frameworks, regulations, and

best practices.

• Implementation of security and governance controls to address requirements of

privacy like GDPR, CCPA and HIPPA.

• Third party risk assessment for onboarding new vendors and annual review for

existing vendors.

• Perform IT Risk Management as per the ISO 31000 Risk Management

Framework (RMF) and provide recommendations for applying the RMF to the

organizations information systems.

• Information Security Policy and Procedure Management: Creating,

communicating, and maintaining IT Security policies/procedures.

• Lead the development of security and privacy awareness training in conjunction

with other members of the Information Security group.

• Ensuring Security Awareness Trainings and refreshers are updated to current

IT Security Standards.

• Perform and maintain IT Risk Management for processes and technological

controls as per ISO 27002 guidelines.

• Managing internal audits, creating Corrective and Preventive Actions (CAPA)

and tracking until closure.

• Monitor change management process to ensure compliance.

Skills:

Complete understanding of Cyber Security compliances like SOC1 (SSAE-18), SOC2,

SOC3, ISO27001, PCI- DSS, Cloud Security Alliance (CSA).

• Complete understanding of Privacy Compliances and Frameworks like GDPR, CCPA and

HIPPA.

• Working knowledge and understanding of COBIT and ITIL Framework.

• Understanding of Software Development Life Cycle (SDLC).

• Integrating security practices within SDLC.

• Knowledge of Information Technology trends and impact on related security procedures

and processes.

• Strong analytical and critical-thinking skills.

• Identification and mitigation of gaps within Information Security policies and

procedures.

• Knowledge of identity management include authentication and authorization across

internal and external IT assets of services.

• High quality documentation based on relative standards.

• At least one industry certification (ISO 27001 LA, CISA, CISM, CRISC, ISAAP) highly

desired.

• Minimum two to three years’ experience conducting security control assessments or

audits.

• Minimum two years' experience developing or managing a security awareness program.

• High-level of attention to detail and be a self-starter with ability to work independently,

multi-task and adjust to shifting priorities.

Perks & Benefits:

Flexible Holiday Policy (choose your own

holidays)

• Life & Medical Insurance

• Focus on Skill Development, Re-imbursement

for Certifications

• Wifi-Mobile bill reimbursement

• Employee wellbeing activities

How to Apply and Interview Process:

To apply, kindly share the resume with namrata1.navadgi@sakon.com.