Manager Infosec, Process & Compliance

This role is part of the Information Security Process and Compliance Team of Zeta. The Manager Process & Compliance of InfoSec Audit and compliance is for preparing and supporting PCIDSS, ISO 27001 and SOC external Audits. Actively participate, strengthen and improve Internal Audit process and provide assurance on internal technology and process compliance. Collaborate with the Cloud and Product security team to drive Risk and compliance goals.

Responsibilities

• for entire security of Zeta s Tech stack (Cloud & On-prem)Perform regular VA/PT for Web, Network, Cloud and Mobile applications
• Integrate security testing tools (SAST, DAST) in to CI/CD pipelines
• Regular code reviews, involve in application design discussions
• Maintain audit and compliance (ISO 27001, PCI DSS/3DS, SSAE18,GDPR, UIDAI etc.) of infra and applications
• Perform Threat Modelling of Web/Mobile applications
• Guide the technology organizations security and privacy initiatives by participating in reviews
• Conduct and review data privacy, data governance, cybersecurity and testing standards
• Designs internal auditing procedures and ensures they are followed
• Perform auditing and compliance activities to ensure the established policy is being followed
• Monitors procedures for effectiveness and provides recommendations for improvement
• Plan and Assist in developing strategic direction for information security and compliance initiatives within Cloud and the traditional data center
• Contribute in maintaining ISO 27001, PCI DSS, SSAE18,GDPR, UIDAI etc. Security and Compliance Standards
• Develop and implement processes and controls applicable for privacy and data protection requirements i.e. GDPR, LGPD, CCPA, PDPA etc.
• Perform Privacy Assessment/Privacy Impact Assessment
• Review relevant data privacy laws and provide inputs on product implementation on Privacy as Subject Matter Expert and address various data privacy client questionnaires
• Maintain Risk Assessment framework

Skills

• Hands on experience with Audits and Standards (PCI DSS, PCI 3DS, PCI PA-DSS/SSF, SSAE 18, ISO 27001, GDPR etc)
• Good Understanding of Risk Assessment Frameworks (ISO 31000, NIST Risk framework etc.)
• Experience in Enterprise Risk Assessment and Application risk Assessment
• Experience of Vendor Risk Assessment and respond to client Request for Proposal (RFP)Review configuration and hardening documents and guide teams to be compliant with PCI, ISO 27001, RBI etc. guidelines
• Thorough understanding of various Data privacy regulations and privacy concepts
• Experience of General Data Protection Regulation (GDPR) implementation
• Experience in performing PIA, DPIA and Data mapping etc.
• Good to have Information Security Certifications like CIPP, CIPT, CISM, CISSP etc.
• Continuous improvement of network/infra/cloud security
• Secure configuration and hardening of network/infra/cloud
• Understanding of production operations on public cloud infrastructure
• Excellent written and oral communication and penchant for technical documentation
• Good understanding of agile development practices
• Knowledge of the following terms and technology:
• Knowing AWS Cloud is an added advantage
• Knowledge of anti-malware solutions, IDS/IPS, WAF, DLP, SIEM etc.
• Knowledge of different attacks DoS/DDoS, XSS, Ransomware
• Knowledge of Web Servers, AD/LDAP, Routers, Switches
• Good understanding of Technology
• TLS/SSL, HTTP(S), Cloud Security, Hardware Security Module

Experience and Qualifications

• 7 to 11 years of overall experience as GRC, Audit and Compliance Analyst in medium to large-sized product companies.
• Bachelor of Technology (BE/ B.Tech ), M.Tech or ME in Computer Science, MCA or equivalent.

Equal Opportunity

• Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success

Role: Manager Information Security

Industry Type: IT Services & Consulting

Department: IT & Information Security

Employment Type: Full Time, Permanent

Role Category: IT Security

Education

UG: Any Graduate

PG: Any Postgraduate