Compliance Manager/Governance, Risk, and Compliance Manager(10+ Yrs of Exp)

India

3Pillar Global

3Pillar is a leading modern application strategy, design, and engineering firm. Our expertise in product engineering and intelligent computing helps clients execute strategic software development initiatives.


We build breakthrough software products that power digital businesses. We are an innovative product development partner whose solutions drive rapid revenue, market share, and customer growth for industry leaders in Software and SaaS, Media and Publishing, Information Services, and Retail. Our key differentiator is our Product Mindset. Our development teams focus on building for outcomes and all of our team members around the globe are trained on the Product Mindset’s core values – Minimize Time to Value, Solve For Need, and Excel at Change. Our teams apply this mindset to build digital products that are customer-facing and revenue-generating. Our business-minded approach to agile development ensures that we align to client goals from the earliest conceptual stages through market launch and beyond.
In 2024, 3Pillar Global India was named a “Great Place to Work” for the fifth year in a row, based on how our employees feel about our company, collaborative culture, and work/life balance. Come join our growing team.

The Compliance Manager is responsible for the following activities:

  • Establishing and documenting the company’s global Information Security Management System (“ISMS”) as per the requirements of the following standards: SOC 2; ISO 27001; HIPAA; GDPR; HITRUST (collectively, the “Standards”);
  • Developing and delivering training content for all employees regarding the Standards and compliance with privacy laws;
  • Implementing the company’s ISMS;
  • Planning and managing internal audits and ensuring that they are conducted as per the applicable requirements;
  • Ensuring that effective corrective actions identified during the internal audit are taken by the departments;
  • Controlling all the documents related to ISMS;
  • Coordinating periodic management review meetings;
  • Reporting to the General Counsel of the company at regular intervals on the status of the ISMS activities in the company;
  • Ensuring that 3Pillar conducts its business in compliance with applicable privacy and data security laws, regulations and standards;
  • Collaborating with and providing leadership to global cross-functional teams regarding compliance with privacy and data security standards;
  • Developing, disseminating and administering global company policies and practices for complying with privacy and data security standards;
  • Developing and overseeing control systems to prevent or deal with violations of legal guidelines and internal policies;
  • Evaluating the efficiency of controls and improving them continuously;
  • Collaborating with corporate counsel and HR departments to monitor enforcement of standards and regulations;
  • Conducting periodic internal reviews or audits of adherence to privacy and data security requirements;
  • Managing external audit of compliance with privacy and data security requirements;
  • Conducting internal investigations of compliance issues, with oversight by the General Counsel;
  • Assessing service, compliance and operational risks in relation to privacy and data security requirements and standards, and developing pragmatic, cost-effective risk mitigation strategies;
  • Verifying that appropriate systems are in place to adequately provide oversight and monitoring in all required areas;
  • Preparing reports for senior management and external regulatory bodies as appropriate;
  • Jointly managing, with the Global IT Manager, the efficient implementation of the overall information systems security program in the IT Department;
  • For any information security event and/or incident coming to your notice, working together with the Global IT Manager to establish and implement a corrective action plan for reducing such risk;
  • Encouraging the participation of the managers, auditors and the staff members from other disciplines, who can contribute to the information systems security program;
  • Reviewing audit and examination reports and addressing any identified information security issues;
  • Working with company stakeholders to decide on the priority of security needs and then spending according to the organization's financial constraints and directives;
  • Working with technical personnel to ensure that the software and hardware configurations in their organization and their vendors’ organizations are compliant with the Standards and regulatory requirements;
  • Overall technology evaluation and selection to meet the agreed upon security architecture plan.

Qualifications:

  • Two or four-year degree from a reputable college or university required.
  • Minimum of five years of experience in ISMS program development and management, governance, risk management, security incident management, ISMS auditing, control, security or assurance required.
  • Strong background and knowledge of security and compliance standards and associated guidelines for protecting sensitive data from unauthorized access, security incidents, and other vulnerabilities. 
  • Minimum of three years of experience in managing SOC2 and/or ISO 27001 audits.
  • Minimum of one year of experience in managing compliance with HIPAA and GDPR requirements.
  • One or more of the following certifications (or their equivalents) is desirable:
      • Certified Information Privacy Professional (“CIPP”);
      • Certified Information Security Manager (“CISM”);
      • Certified Information Systems Security Professional (“CISSP”);
      • Certified Information Systems Auditor (“CISA”);
      • Project Management Professional (“PMP”);
      • Certified in Risk and Information Systems Control (“CRISC”).