Job type full-time
Full job description
Department product & engineering job posted on mar 10, 2022 employee type full time experience range 0 - n.a.
Role: senior compliance associate
Experience :- 4 – 7 years
Duties and responsibilities
Implement and maintain compliance with data protection standards, regulations & legal requirements, including general data protection regulation (gdpr), iso 27001, iso 27701 and other regulatory standards.
Ensure that the organization processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
Perform periodic privacy impact assessments to identify and manage privacy risksImplement appropriate controls to mitigate unacceptable risks.
Define, assess and review the contracts/agreements of customers and vendors for information security and data privacy related clauses/ requirements
Respond to information security assessments/audits performed by customers, external and internal auditors
Plan and co-ordinate business impact analysis, ongoing bcp and dr tests
Work with internal stakeholders such as engineering, devops, customer success, it, product, finance, hr etcFor implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls.
Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review
Support information security governance, operations, compliance programs
Support periodic risk assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers including, iso 27001, iso 9001, gdpr, iso 27701, nist 800-53, hipaa, soc 1, soc 2.
Support in conducting information security awareness and training programs for the employees as part of their induction and regular awareness
Support information security incident management process for incident reporting, containment, resolution, and root cause analysis.
Maintain relationships with internal partners, external consultants and suppliers to ensure third party suppliers are assessed, on-boarded, monitored and off-boarded with appropriate due diligence or security maturity identification.
Third party management
Work with upstream and downstream of vendor onboarding/third parties effectively
Provide security assurance review delivery for critical third party vendors
Conduct assurance activity like review of suppliers soc reports.
Lead the oversight of all supporting activities, including reporting and issue remediation
Provide leadership as part of a globally facing team to handle and provide supplier data security advice
Maintain third party information security control framework, report statuses and escalate issues
Publish vendor security assurance dashboard reports to provide situational awareness and communicate compliance risks to management.
Assist documenting and updating as appropriate, the vendor assurance policy, standards and processes ensuring these and the risk register are up to date and regularly reviewed.
Contribute to procedures and processes to standardize and enhance compliance management.
Educational qualifications and certifications:
Be / bTech / bsc iso 27001 la, cisa, cism, cissp (any one preferred)
Direct hands-on experience in implementing, and managing iso 27001, gdpr, iso 27701.
Facing audits - customer, regulatory, independent third party
Managing isms and compliance to privacy regulations
Conducting internal audits
Experience of creating documentation of policy and procedures
Experience of implementing/auditing cloud security controls(preferably, aws)
Posted 30+ days ago