Role: Information Security Compliance & Audit Assurance
Purpose of the role: Plan and assess the security compliance and audit assurance programme for client accounts, supporting all compliance audit and certification reviews in line with client contractual commitments and enterprise policies and standards.
Liaise with stakeholders on organisational technology security policy, ISO 27001 and data privacy requirements to remediate new and outstanding issues, and track security-related issues to closure.
Position reports to: Director – Information Security (Information Security Compliance & Audit Assurance)
Positions that report to this position: Not Applicable
Key interactions:
Internal: Internal Audit, Information Security, IT, HR, Physical Security, Admin/Facilities, BCM, Data Privacy and Delivery Operations
External: External Auditors, Clients
Size of operations: NA
Main Responsibilities:
• Validate that all information security, network, data security and data management controls comply with enterprise controls and client mandates across all locations of the client account
• Own and deliver all security-related audits and certifications required under the client account's contractual commitments
• Implement the security compliance assurance programme on a defined calendar of assurance reviews and audits
• Present and demonstrate client-account-level compliance with enterprise security and monitoring controls and with client contractual commitments
• Ensure security gaps are identified, assessed, quantified, reported, communicated, mitigated and monitored
• Apply in-depth knowledge of security compliance and assurance concepts, including risk assessment, the risk acceptance process and vulnerability management
• Revise and develop processes to strengthen the current Security Assurance Framework; review policies and client contractual documents to highlight challenges and dependencies in managing SLAs
• Create reports, dashboards and metrics for security compliance and assurance operations, and present them to the CISO and enterprise leadership
• Oversee and/or conduct information security audits on the internally defined schedule, and facilitate client and certification audits
Qualifications:
• A bachelor's degree is required.
• Security certifications such as CISSP are an advantage.
• At least 4 years of experience in the information security domain.
• Experience with an audit or consulting firm is an added advantage.
Functional Skills:
• Strong understanding of Security Compliance and Risk Assurance.
• Strong knowledge of risk assessment, security incident management, compliance audits and security metrics.
• Sound knowledge of ISO 27001:2013; knowledge of NIST SP 800-53 and the NIST Cybersecurity Framework.
• Working knowledge of industry standards and frameworks such as SOC 1/SOC 2 attestation reports and the CIS Controls.
• Working knowledge of privacy regulations such as GDPR and CCPA.