Description and requirements
Audit & Compliance Management:
Lead SOC2, ISO 27001, AI Risk Assessment, and other audits end-to-end.
Act as the single POC for the global audit team, handling documentation, evidence collection, and compliance reports.
Oversee penetration and vulnerability testing, ensuring timely remediation.
Monitor compliance across applications, cloud services, and third-party tools.
Collaborate with legal, IT, engineering, and product teams to fulfill audit requirements.
Establish efficient processes to reduce tech team bandwidth usage while ensuring compliance.
Attend meetings across different time zones to understand audit requirements, clear doubts for the team and the auditor, implement processes, analyze requirements and provide solutions, and hold weekly catch-ups.
Produce the documentation the compliance team needs from scratch: work through the reference documentation, collaborate with stakeholders to understand the current flow and its limitations, and define a process that suits the team and also meets the audit needs.
Process Automation & Optimization:
Identify manual audit tasks and implement automation solutions.
Automate compliance documentation, audit tracking, and security approvals.
Ensure compliance processes scale as applications and audits increase.
Governance & Risk Mitigation:
Implement data retention, change management, and access control policies.
Collaborate with security, privacy, and compliance teams to onboard new processes.
Conduct periodic risk assessments and implement mitigation strategies.
Application Portfolio Management (APM) Onboarding:
Get onboarded to the APM process and assess applications based on value, performance, cost, and alignment with business goals, as per the APM guidelines, with respect to privacy, compliance, and cyber security.
Take ownership of the APM process and its onboarding for the tech team, covering both new and existing applications in use.
Additional job description
Educational & Professional Qualifications:
Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field (B.Tech/B.E. preferred).
Certifications (Preferred but not mandatory): CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or SOC2-related certifications.
Technical Skills & Knowledge:
Audit & Compliance Expertise:
Strong understanding of SOC2, ISO 27001, AI Risk Assessment, GDPR, and other compliance frameworks.
Experience managing end-to-end audits, documentation, and compliance reports.
Ability to collaborate with auditors, security teams, and global stakeholders.
Security & Risk Management:
Hands-on experience with penetration testing, vulnerability assessment, and remediation tracking.
Familiarity with cloud security compliance (AWS, GCP, Azure).
Knowledge of data retention policies, access control, and risk assessment methodologies.
Process & Automation:
Experience in automating audit workflows, compliance tracking, and documentation.
Strong understanding of APM (Application Portfolio Management) and security best practices.
Soft Skills:
Excellent communication skills to work with cross-functional teams and explain security compliance concepts to non-technical stakeholders.
Ability to handle multiple audits simultaneously, ensuring deadlines are met.
Problem-solving mindset to enhance security processes while optimizing team bandwidth.
Other Requirements:
Willingness to work across global time zones for audit coordination.
Strong analytical skills to interpret security policies, create documentation, and drive compliance initiatives.
This role is ideal for someone who has a blend of security, compliance, and automation expertise, ensuring the organization meets audit and regulatory requirements efficiently.