Information Security Specialist | Bengaluru | 4+ Yrs

  • Mindtickle
  • India, B...
  • 4 - 6 Yrs

Job Description

  • Have 4-6 years of experience in information security and compliance, with exposure to cloud software platforms.
  • Have extensive experience in handling third-party risk management.
  • Have a strong understanding of cloud governance and technology security controls covered in SOC2, ISO 27001, NIST, HIPAA, CSA STAR, CIS, etc. Preferred certifications include CISSP, CISM, CISA, CRISC, CCSP, CEH, ISO 27001, etc.
  • Possess excellent communication, interpersonal, project management, and issue-resolution skills.
  • Have strong analytical and organizational skills, with the ability to work effectively as part of a team.
  • Are experienced in managing third-party risk evaluation and management processes.
  • Have demonstrated ability to learn quickly, take initiative, and drive complex projects.

Job Responsibilities

  • Own the third-party risk management process, including planning, scoping, needs analysis, ongoing project management, and stakeholder communication. Categorize vendors based on security and privacy aspects such as data processing, data residency, availability requirements, systems integration, etc.
  • Understand the necessity, business context, criticality, and fitment of the vendor in the organizational context so that the right risks can be identified.
  • Define and maintain applicable security and privacy due diligence requirements for each vendor category.
  • Perform vendor due diligence based on the applicable requirements, highlight the risks to the business teams, and include necessary clauses in the contract to address the risks.
  • Conduct security and privacy due diligence on new third parties, and perform annual reviews of the vendors as required for customer contractual requirements and internal/external audits.
  • Conduct sub-processor reviews and the related processes for their onboarding, communication, and annual review.
  • Work closely with the procurement team to establish and maintain a vendor due diligence process throughout the procurement cycle.
  • Maintain documentation of all sub-processors and vendors to showcase in our privacy audits under the Record of Processing Activities.
  • Perform vendor offboarding activities such as data deletion and return, and track them to closure.
  • Work flexibly across all organizational teams, including sales, customer success, product, and engineering, driving third-party risk management projects. Undertake any other reasonable and related tasks associated with the role.

Location

Bengaluru, Karnataka, India