3 - 5 years
9 - 14 Lacs
Hyderabad
Posted: 3 months ago
Work from Office
Full Time
Work Mode: Onsite

Job description

This is a very dynamic, high-growth environment and requires being agile and flexible. Successful candidates for this role should be experienced in evaluating ever-evolving compliance requirements, conducting gap assessments, documenting compliance-related governance documents (policies, standards, etc.), and third-party compliance audits. The successful candidate will be knowledgeable about risk management and risk treatment methodologies from working in a similar fast-paced organization. The candidate is expected to have an understanding of the Cloud SaaS technical environment, translate the compliance requirements into language that Developers, DevOps, and Leadership can apply to our environments, and work closely with cross-functional teams spread across multiple geographies.

Major Responsibilities/Activities

Evaluate new and evolving certification programs, regulatory requirements, and technologies.
Conduct comprehensive assessments of technical controls, information security policies, and procedures against applicable regulations and compliance requirements. Assessments include gap analysis, recommendations, and prioritization of enhancements to the security and privacy infrastructure to remove or mitigate risk.
Effectively communicate to line management the execution status, key accomplishments, and risks that impact Cloud's ability to achieve or maintain compliance accreditations or certifications.
Evaluate and audit security control systems to address requirements.
Advise process/control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, etc.).
Guide Development Operations on the appropriate selection, design, implementation, and configuration of security controls.
Identify control deficiencies, make appropriate recommendations, and drive remediation of control deficiencies.
Proactively identify gaps or conflicts in existing processes and work to develop solutions with cross-functional teams.
Program-manage third-party compliance audits.
Collaborate effectively across multiple organizations with diverse personalities and expertise to drive agreement on complex issues.
Support the annual review of information security and privacy policies, standards, and guidelines covering all areas within the environment.
Engage with Infrastructure and/or Architect Teams to assess the security risk of proposed projects and system/application modifications.
Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.

Minimum Requirements

4+ years of related Governance, Risk and Compliance and/or security experience.
Knowledge and experience in audit execution of a global security certification such as ISO 27001/17/18, PCI, HIPAA, ENS, HDS, SOC 1/2, etc.
Knowledge of compliance frameworks (NIST, etc.).
Good understanding of security concepts and practical usage.
Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS), is a plus.
Working knowledge of GRC tools and technologies.
Understanding of current Cyber Security trends.
Experience managing GRC projects and project management skills.
Focus on team and organizational goals, building accountability and a positive team culture.
Proactive achiever, comfortable working in a fast-paced, dynamic environment and incorporating constant change as we grow.
Excellent written and verbal English communication skills; ability to communicate effectively across all levels of the organization.
Analytical problem solver with organizational skills and an eye for detail.
Prior Big-4 consulting experience or prior professional experience in similar cloud-based organizations is a plus.

Desirable certifications

One or more Information Security Certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), ISO 27K Lead Auditor/Implementor, or other security certification/accreditation.

Global Infovision
9.0 - 14.0 Lacs P.A.