6 - 16 years
0 Lacs
Posted: 3 weeks ago
On-site
Full Time
Regulatory Compliance Management
Locations: NOIDA, Bengaluru, Chennai
Experience Required: minimum 6-16 years
Work-Experience: Total – 8 to 10 years in Information Security and exposure to regulatory audits and testing. Directly engaged in helping customers across multiple industry verticals transform their risk and compliance programs from either non-existent or ad-hoc in nature to fully controlled, quantified and further optimized.
Type of Experience:
Comprehensive experience in different areas of Information security such as Information Security Consulting, Third Party Risk management, Compliance Audits, Risk Management
Design and implement different security frameworks such as NIST CSF
Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the customer meets both the requirements and intent of its regulatory and compliance obligations
Good knowledge of IT Security technologies, Operating Systems, Database, routing and switching.
Knowledge of implementing, managing and auditing security & compliance regulations (SOX, GDPR, etc.), standards (ISO 27001) and frameworks (ITIL, NIST, COBIT)
Experience in Risk Management/Compliance Assurance/ Audits
Holds experience in delivering Risk and Compliance management services for a client-based delivery environment.
Certifications
CISM / CISSP / CISA / ISO 27001, along with other technical certifications such as CCNA, CCSA, etc.
Areas of Responsibility
Develop and implement security frameworks aligned with NIST CSF, ISO 27001
Develop and implement security control compliance frameworks aligned with different regulations and standards
Lead / manage / design different security risk assessments and suggest recommendations
Evaluate the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
Work with internal/external teams to understand the security audit requirements and deliver against project plans
Execute the strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors, SOX 404, HIPAA, NIST CSF, ISO 27001
Design and develop risk management frameworks
Assist in compliance initiatives at function and organizational levels in areas of Information security and Risk Management
Perform Information Systems Audits & Assessments based on SOX 404 regulatory requirements and IT Security methodology and framework
Design and develop control testing and data gathering procedures for specific controls to meet different regulatory requirements such as SOX / GDPR / HIPAA
Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria
Design and develop information security policies, procedures and guidelines
Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks
Recommends controls to mitigate security risks identified via risk assessment process
Review IT Security policy and IT infrastructure to reconcile critical control testing procedures for Password policy, Privilege access validation, Privilege access approval, Patching, Network user reconciliation, External email encryption, Server log management, Antivirus monitoring, Backup management, Data center access validation
Prepare and conduct Security and Privacy assessments for HIPAA, GDPR compliance
Report Key Risk Indicators and derive root causes for significant deviations
Continuously assess security measures in place for effectiveness thus highlighting deficiencies for remedial action
Participating in the solution development process and ensuring that customer requests around information security
Collecting and understanding business requirements from the customer and designing a fit-for-purpose compliance program
Review, design and deploy information/IT security procedures & guidelines across various IT functions and services.
Manage and mature security audit program
Creating, maintaining, communicating, and enforcing information security policies
Soft Skills Required
Leader with integrity, maintains strategic orientation, demonstrates business & financial acumen, champions innovation, manages execution, leads team
Good problem-solving capability, good communication and documentation skills
Leading highly empowered, self-directed teams including cross-functional teams
Handle multiple tasks with different groups in a team in a wider domain
Ability to work well with people from different disciplines with varying degrees of technical experience
Ability to work comfortably under pressure and deliver on tight deadlines
Ability to prepare informative presentations & MIS documentation
Should be working as per policies & procedures in compliance with Information Security recommendations.
Self-driven to take individual initiatives and able to work with minimal guidance.
Yellow Octo LLP