Security & Compliance Specialist

Position : Security & Compliance Specialist

Reports to: Manager InfoSec, GRC

Department: Information Security (InfoSec)

Location: Bangalore

Work Mode : Hybrid

Key Responsibilities

This role oversee the development, evaluation and implementation of governance, risk and compliance.

This role provides operational and conformance checking of information security implemented. The role will undertake specific audits tasks directly and will work with identified stakeholders to ensure that audit lifecycle is in compliance.

Additionally, this role will undertake regular conformance checking tasks to ensure compliance is met to acceptable security levels in different audits.

This role will also undertake a number of critical asks and requests from security projects which manages to successful delivery of projects and the associated resources.

Further, this role will work with all departments across Technology, Business and Third Party vendors/partners and manages inter-dependencies / work-streams and across multiple projects to ensure that Projects are delivered on time:

• Provide consulting services for Technology & Business team for Audit Security process and implementation of controls.
• Define Security assessment scope, requirements, time lines and goals.
• Pro-actively reviews all gaps found on audits related to systems and types of access controls on various risks like Cyber Threats, Data Security and compliance and communicate for timely actions to mitigate them.
• Supports in managing all type of internal and external InfoSec audits (end to end), status of Security assessment, Report Observations and remediation with all the agreed timelines.
• Works with end customer SPOC to ensure all the desired requirements are delivered by liaising with all the business stakeholders.
• Delivers Security Assessments projects on time, and at the expected quality, have root- cause analysis with clear action plan and obtain sign-off with all relevant parties.

Preferred Skills

• Ensure the organization complies with local, federal and international regulatory and legal requirements
• Stay up to date on all major privacy and data protection laws, GDPR, CCPA, DPA, PIPEDA etc.
• Experience in handling various Security Assessments, regulatory requirements but not limited to PCI- DSS, ISO27001, ISO9001, GDPR, CCPA, SOC2 and privacy shield.
• Practical understanding of security standards, Processes and risk frameworks.
• Has good understanding of audit frameworks and various datasheet involved in preparing for the external audits.
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Broad, and commensurately high-level knowledge of Security technology, such as: PKI, firewalls, access management, encryption, IDS & IPS, Cyber threats, encryption, and identity management.
• Strong time management, communication and prioritization skills.
• Ability to work with Technical and Non- Technical business owners.
• Practical understanding of security processes and risk frameworks.
• Partners with External consultants/ internal stakeholders on Regulatory Changes to ensure regulatory changes are added within the system of record.
• Drive integration with Compliance teams aligned to Business Units for all the related audits (end to end).
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Conducting deep dives into specific areas of focus based on Risk and Regulatory priorities as and when needed.
• Proficiency in reviewing and assessing process flows to detect potential risks, deficient controls, duplicated effort, extravagance, and fraud, non-compliance with laws, regulations, and management policies.
• Partners with other Operations Managers to ensure timely and effective delivery for all audit requirements.
• Contribute to the Group ISMS content development, maintenance and maturity.
• Take the interface between custom authorities and colleagues/partners on customs Audits.
• Drive matrixed project planning and execution to deliver and sustain privacy compliance

Required Qualifications

• Bachelor/Master of Science degree. Computer Science, Engineering, Telecommunications or management degree(would be advantage)
• 6/6+ years’ experience in audits and compliance management
• Excellent planning, multi-tasking, organization and problem solving skills.
• Knowledge of certifications and framework like NIST, HIPAA, ISO 27K, PCI-DSS and SOC2.
• Excellent communication skills.
• Hold certifications like ISO9001, ISO 27001 and Green belt(added advantage)