Job description
- Responding to Information Security and Data Privacy Requests for Proposals/Information (RFxs) and related questionnaires (Cloud security, NIST, CAIQ, SIG, custom, OneTrust, etc.) of SirionLabs prospective customers
- Responsible for building and maintaining an up-to-date RFx response library and supporting artefacts in a central repository
- Perform review of SirionLabs customer and vendor/supplier contractual documents (MSA, SOW, DPA, SCC) to verify compatibility and compliance with SirionLabs information security and privacy requirements
- Highlight and articulate the non-compliances and related risk to the wider forum
- Respond to all information security assessments/audits performed by SirionLabs customers, external and internal auditors
- Align customer and internal information security objectives to the ISMS (Information Security Management System) and PIMS (Privacy Information Management System)
- Prepare metrics-based periodic reports and dashboards with support from the stakeholder functions for management review
- Work with internal stakeholders such as Engineering, DevOps, Customer Success, IT to gather and collate response artefacts for security risk questionnaires required for business proposals and for existing client and organizational data requests
- Build, maintain, monitor and fulfil customers' contractual obligations related to information security and data privacy
- Understand key infosec obligations from SirionLabs customers and collaborate with other teams to ensure complete implementation of the security controls related to those obligations
- Support periodic Risk Assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers, including GDPR, ISO 27701, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, HIPAA, ISO 27001, SOC 2, CSA CCM
- Assist in performing appropriate due diligence and Information Security and Privacy Risk Assessment of IT systems, applications, new technologies, third parties, etc. and implement mitigation controls
- Conduct Privacy Impact Assessments and Data Transfer Impact Assessments; develop Data Flow Diagrams and privacy-related policies and procedures
- Additional responsibilities include risk, controls, and compliance management, supporting BC/DR audit and examination activities, and development and maintenance of policies, standards and procedures that are aligned with best practices
Educational qualifications and certifications:
- BE / BTech / BSc Computer Science with active CISSP / CISA / CIPP / CRISC
Expertise/experience
- Strong knowledge of and experience in cloud security (AWS, Azure, etc.) and modern technologies like microservices, containers, multi-cloud architecture
- Knowledge of security technologies and technology platform security risks: LINUX/Ubuntu, Microsoft Technologies, infrastructure, and application security (secure SDLC, shift left)
- 3-7 years of relevant experience in a SaaS product company, in customer-facing roles in information security RFx, Third Party Security Assessments, Audits, and Security and Privacy focused discussions
- Exceptional communication skills, both verbal and written, to technical and non-technical audiences of various levels within SirionLabs or outside the organization (executives, regulators, clients, etc.)
- Deft understanding and implementation of information security standards and compliance such as ISO 27001, SOC 2, NIST 800-53, FedRAMP, IRAP, etc. and privacy regulations like GDPR, CCPA, etc.
- Experience in managing and implementing privacy controls related to GDPR, conducting Privacy Impact Assessments (PIA), developing privacy policies and procedures
- Ability to articulate, understand and map the client information security requirements to the organisational policies and procedures
Organizational skills:
- High focus on Quality, Timeliness and Customer Delight
- Self-driven and initiator
- Highly effective cross-functional (Pre-Sales, Sales, Legal, etc.) collaborator
- Ability to multi-task effectively and work under pressure and odd hours
- Task finisher
Role: IT & Information Security - Other
Industry Type: Software Product
Department: IT & Information Security
Employment Type: Full Time, Permanent
Role Category: IT & Information Security - Other
Education
UG: B.Sc in Any Specialization
PG: Any Postgraduate