
Manager - Compliance and Information Security

Zenoti
Hyderabad | 4-8 LPA | Posted 26 Mar 2025
FULL TIME
Customer Retention
CRM
Risk Management

Job Description

  • Own and manage the contractual certification requirements like SOC1, SOC2, ISO27001, HIPAA, and PCI DSS
  • Plan and conduct internal reviews and audits in line with SOC1, SOC2, ISO27001, HIPAA, and PCI-DSS.
  • Serve as a subject matter expert on at least 3 of the above standards/frameworks
  • Assist internal stakeholders and work with control owners throughout the company on the process and documentation that supports compliance requirements.
  • Define, implement, and manage policies, procedures, processes, and controls
  • Assess design effectiveness and continually monitor operating effectiveness of controls
  • Conduct vendor risk assessments (Third Party Risk Management)
  • Properly document the audit process (including evidence gathered) and ensure all audit issues are tracked to closure

What skills do I need

  • At least 8+ years of relevant experience in implementing, auditing, and managing certifications like SOC1, SOC2, ISO27001, HIPAA, and PCI-DSS
  • Subject matter expertise on at least 3 of the above-mentioned standards/frameworks
  • Work as an Individual Contributor
  • Experience and expertise in Vendor Risk Assessments
  • Ability to perform Risk Assessments and Business Impact Analysis
  • Be proactive, organized, analytical, detail-oriented, and persistent
  • Certifications preferred: CISA, CISM, CISSP
  • Previous experience in a product SaaS company is an advantage