Security & Compliance Specialist

Maharashtra, Mumbai, India


What will you do every day?


As a Security & Compliance Specialist, you are responsible for helping implement the organization's information security and compliance programs. You will also help implement and review data protection and privacy controls through technical, operational, and administrative measures. The ideal candidate will have solid experience in securing SaaS products, a deep understanding of regulatory requirements, and a proactive approach to managing security threats and third-party risks; someone who enjoys security work and possesses both deep and wide expertise in the security space.


Job Responsibilities

  • Develop and Implement Security & Privacy Policies (Primary | Must have)

  • Create and maintain comprehensive security policies and procedures for cloud environments and application security that align with organizational goals and regulatory requirements

  • Ensure policies are regularly updated and communicated to relevant stakeholders; should be an SME for Enterprise Security and Privacy related activities

  • Third-Party Risk Management (Primary | Must have)

  • Handle the third-party risk management activities (TPRM) covering both inbound and outbound assessments (through the Customer & Vendor lifecycles)

  • Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security and compliance requirements (this includes reviews of MSAs, bids and RFPs)

  • Compliance Oversight (Primary | Must have)

  • Ensure the organization’s compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2); should be an SME for compliance

  • Implementation of minimum 3 standards from GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2

  • Lead internal and external audits and manage responses to audit findings

  • Product Security Practices (Primary | Must have)

  • Integrate security practices into the software development lifecycle (SDLC) and review the releases based on the established Secure SDLC processes

  • Review the Products from time to time checking the availability of enterprise security features

  • Cloud & Infra Security (Secondary | Good to have)

  • Implement, review and maintain robust security controls for cloud platforms (AWS/Azure/GCP) as per the industry best practices (DevSecOps)

  • Perform security assessments/reviews and VA scans (non-mandatory) on cloud infra.

  • Cybersecurity (Secondary | Good to have)

  • Knowledge of cyber attack vectors, cyber threat intelligence, attack surface management, etc.

  • Adequate knowledge of incident response, business resilience and risk management


Other responsibilities

  • To act as a Security & Privacy champion/catalyst for all functions/BUs within the Company

  • This role needs a risk-averse mindset and covers incident management (able to identify, analyze, and resolve security incidents)

  • Contribute to the Cloud & CyberSecurity roadmap and act as an internal advisory/consultant

  • Train the entire staff on security and privacy best practices whenever necessary

Experience & Other Requirements

  • Degree/Diploma in Computer Science / Information Technology / Cybersecurity or equivalent

  • 5+ years (5-7) of experience in information security, with a focus on compliance

  • Proven track record in implementing security and compliance policies & controls in a product-based company (preferably a SaaS company)

  • At least 3 years of working and implementation knowledge of any three of the compliance frameworks (ISO 27001, ISO 27701, GDPR, HIPAA, SOC 2, DPDP)

  • Good to have working knowledge of Cloud security practices & involved in DevSecOps activities

  • Good research mindset with a zeal to explore, learn, share, and implement

  • Preferably able to join within 30 days

Category: Compliance Jobs

Tags: Application security Audits AWS Azure Cloud Compliance Computer Science DevSecOps GCP GDPR HIPAA Incident response ISO 27001 Privacy Product security RFPs Risk management SaaS SDLC Security assessment SOC SOC 2 Threat intelligence

Region: Asia/Pacific
Country: India
