Information Security and QA process compliance Officer

4 - 9 years

10 - 12 Lacs

Posted: 5 months ago | Platform: Naukri


Work Mode

Remote

Job Type

Full Time

Job Description

Information Security and QA process compliance

Experience:

Candidates who have taken a career break can also apply. Candidates who demonstrate a strong intention and capability to learn this domain and have worked in Quality and Process development roles can apply.

Excellent communication skills and documentation skills are very important.

Key Responsibilities:

  • Proficiency in Information Security domains, such as policies and procedures, risk management, compliance, and incident response; familiarity with security frameworks (ISO 27001, NIST, CIS, etc.).
  • Creation and periodic revision of company policies and procedures to align with different compliance standards.
  • Conduct regular security assessments and audits to ensure compliance with industry regulations and best practices.
  • Ensure the organization follows best practices in cloud security, application security, and endpoint protection.
  • Identify vulnerabilities and provide actionable recommendations to enhance security measures.
  • Prepare audit reports detailing gaps, risks, and areas for improvement.
  • Participate in compliance training sessions to educate employees on new policies and procedures.
  • Collaborate with cross-functional teams to address security issues and improve overall security posture.
  • Review and validate release documentation (e.g., release notes, rollback plans) for completeness and accuracy against defined acceptance criteria.
  • Monitor and validate change management processes to guarantee compliance with SOC2, HITRUST, and industry-specific regulations.
  • Identify gaps in the release management process and recommend corrective actions.
  • Ensure deployment approvals are properly documented.
  • Work closely with Development, QA, NOC and Security teams to align release processes with compliance requirements.
  • Communicate release compliance issues and risks to stakeholders.
  • Track and report on compliance metrics to senior management.

Required Qualifications:

  • Minimum 5+ years of experience and strong knowledge of information security and cybersecurity, including network security and infrastructure assessments.
  • Good knowledge of security frameworks, standards, and best practices (SOC2, ISO 27001, NIST and HITRUST).
  • Proficiency in using security tools and technologies for auditing and vulnerability assessment.
  • Certified ISO 27001 Lead Auditor.
  • Ability to work independently and manage multiple tasks effectively.