5 Pcidss Jobs

Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program Which Includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408. SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCIDSS,HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations Work with the client & technical teams for change request on any risk or control implementation as well as governance process Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Work with the client & team in identifying any process/ control gaps and suggesting the remediation plan& tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)

Key highlights of the role are listed below (purely indicative and not limiting): Develop and execute a comprehensive information security strategy, aligned with the organizations goals, to protect sensitive data and systems from cyber threats. Collaborate with senior management to integrate security best practices into the organization's overall strategy and operations. Oversee the development and implementation of risk management frameworks, including business continuity and disaster recovery plans. Identify, assess, and mitigate cybersecurity risks across all organizational levels. Establish and maintain the company’s cybersecurity policies, standards, and procedures. Ensure the organization’s cybersecurity practices comply with regulatory and local data protection laws Manage the company’s security posture, including risk assessments, audits, and compliance initiatives Conduct regular risk assessments to identify potential security gaps and implement corrective actions Define and enforce a risk management framework to address emerging threats and vulnerabilities. Managing and monitoring SOC and drive cyber security related projects. Conduct and complete an annual review of required PCIDSS, ISO 27001 regulations and certification. Conducting risk assessment and security reviews of new applications and initiatives and recommendation to mitigate risk. Ensuring that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident Ensuring regulatory and non-regulatory compliance on IT Governance and Cyber Security within stipulated timelines Develop Information security awareness training and education program. Lead internal and external cybersecurity audits, reviews, and compliance reporting, while conducting security committee meetings and liaising with internal and external auditors on matters related to information security. Ensure personnel only have access to the sensitive information for which they have appropriate authority and clearance. Ensure controlsin place against unauthorized access to workstations and related equipment. Set the access and authorization controls for everyday operations as well as emergency procedures for data. Implement automated and continuous monitoring of security incidents. Respond to cyber incidents in a timely manner. Implement Cyber capability index to identify cyber maturity and reporting the cyber health to regulators. Work closely with the legal and compliance teams to ensure adherence to industry regulations and standards. Stay up-to-date with the latest security trends, threats, and regulatory changes and adjust the security program accordingly. Applicants should possess the following attributes: Extensive experience in information security leadership roles, with a proven track record of strategic planning and execution. Deep understanding of regulatory standards and frameworks, including PCIDSS, ISO 27001, GDPR, and others. Hands-on expertise in cybersecurity technologies such as SIEM, SOAR, UEBA, TIP, and advanced threat detection systems. Strong background in risk management, governance, and compliance across diverse IT environments. Familiarity with emerging technologies, including AI, ML, and blockchain, and their implications on cybersecurity. Exceptional communication skills with the ability to present complex security topics to executive leadership and stakeholders.

Key highlights of the role are listed below (purely indicative and not limiting): Develop and execute a comprehensive information security strategy, aligned with the organizations goals, to protect sensitive data and systems from cyber threats. Collaborate with senior management to integrate security best practices into the organization's overall strategy and operations. Oversee the development and implementation of risk management frameworks, including business continuity and disaster recovery plans. Identify, assess, and mitigate cybersecurity risks across all organizational levels. Establish and maintain the company’s cybersecurity policies, standards, and procedures. Ensure the organization’s cybersecurity practices comply with regulatory and local data protection laws Manage the company’s security posture, including risk assessments, audits, and compliance initiatives Conduct regular risk assessments to identify potential security gaps and implement corrective actions Define and enforce a risk management framework to address emerging threats and vulnerabilities. Managing and monitoring SOC and drive cyber security related projects. Conduct and complete an annual review of required PCIDSS, ISO 27001 regulations and certification. Conducting risk assessment and security reviews of new applications and initiatives and recommendation to mitigate risk. Ensuring that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident Ensuring regulatory and non-regulatory compliance on IT Governance and Cyber Security within stipulated timelines Develop Information security awareness training and education program. Lead internal and external cybersecurity audits, reviews, and compliance reporting, while conducting security committee meetings and liaising with internal and external auditors on matters related to information security. Ensure personnel only have access to the sensitive information for which they have appropriate authority and clearance. Ensure controlsin place against unauthorized access to workstations and related equipment. Set the access and authorization controls for everyday operations as well as emergency procedures for data. Implement automated and continuous monitoring of security incidents. Respond to cyber incidents in a timely manner. Implement Cyber capability index to identify cyber maturity and reporting the cyber health to regulators. Work closely with the legal and compliance teams to ensure adherence to industry regulations and standards. Stay up-to-date with the latest security trends, threats, and regulatory changes and adjust the security program accordingly. Applicants should possess the following attributes: Extensive experience in information security leadership roles, with a proven track record of strategic planning and execution. Deep understanding of regulatory standards and frameworks, including PCIDSS, ISO 27001, GDPR, and others. Hands-on expertise in cybersecurity technologies such as SIEM, SOAR, UEBA, TIP, and advanced threat detection systems. Strong background in risk management, governance, and compliance across diverse IT environments. Familiarity with emerging technologies, including AI, ML, and blockchain, and their implications on cybersecurity. Exceptional communication skills with the ability to present complex security topics to executive leadership and stakeholders.

2-5 years of experience in Third-Party Risk Management (TPRM) or vendor risk assessment. Knowledge of risk assessment frameworks such as ISO 27001, NIST, PCI DSS, GDPR, SOC 2

Responsibility- One Trust Module Integration, Free Marker Templates ,One Trust API Integration ,Cookie Management ,Privacy Assessments ,Compliance:, Incident Response: ,Training and Support: Strong understanding of privacy principles and regulation..