ION Group

Information Security and Compliance Manager, Noida

The Information Security and Compliance Manager is an important role for Lab49 to deliver on its information security and compliance strategy and objectives through the identification, mitigation, and remediation of information security risks to Lab49.
The successful candidate will be responsible for the information security requirements related to Lab49 service delivery, including client assurance regarding the Lab49 security program, as well as coordinating external audits and performing internal audits. Other responsibilities include meeting KPI targets defined by management and performing the various other duties assigned. See below for full list of responsibilities.
This role will partner with the ION Group CISO and Information Security & Compliance team to ensure that Lab49 complies with groupwide policies and standards and that Lab49 requirements are considered and addressed in the group information security strategy, policies, and standards.
We are looking for a hard-working, dedicated, and motivated individual. Excellent communication skills are a must and the role holder will be expected to cultivate working relationships with clients, and other internal teams and colleagues of varying technical and security experience.
This role would suit an experienced candidate with strong communication and collaboration skills, particularly one with client-facing presence and polish, who is looking to drive forward career progression in information security governance, risk, and compliance management in partnership with a larger ION security organization. Experience with SOC 2 audits and ISO 27001 certifications will be very beneficial. In addition to the above, candidates with technical security skills, ranging from internal audit to application security, are also preferred.

RESPONSIBILITIES

The primary responsibilities of this role are:

  • Client assurance: lead, coordinate and liaise with internal teams and Lab49 clients to respond to client security questionnaires and audit requests, as part of RFP processes or otherwise. This includes, for example:
      o   Meet with Lab49 clients to understand and address their requirements for information security and compliance.
      o   Review client contractual agreements prior to signature to ensure Lab49 can execute on the security requirements.
      o   Create client-facing documents (e.g. whitepapers) to address security topics of common interest or concern to Lab49 clients.
      o   Maintain a database of standard, approved responses to client questions.
      o   Liaise with internal teams to gather, review and finalize approved responses to client questions and audit requests.

  • Compliance: work with internal teams to ensure awareness and compliance with client contractual obligations, internal policy, external audit controls, industry best practices (e.g. ISO27001 and SOC 2), and relevant laws and regulations (e.g. GDPR).
  • External audits: coordinate and manage Lab49 external audits (e.g. SOC 2, ISO27001, etc.) including preparation, execution and delivery of audit reports each year.
  • Internal audits: coordinate and perform internal reviews of compliance with controls required by internal policy, external audits, client contractual obligations, industry best practices (e.g. ISO27001 and SOC 2) and relevant laws and regulations (e.g. GDPR).

Other important responsibilities include:

  • Governance: define Lab49 policies, standards, and processes, in line with Lab49 information security requirements.
  • Risk management: perform risk assessments and related risk management activities in line with the ION and Lab49 risk management framework.
  • Third-party risk management: coordinate and execute risk assessments and audits of Lab49 key suppliers and partners to identify and manage risks, and to ensure compliance with Lab49 policies, audit controls and contractual obligations. This includes review of supplier agreements to ensure security topics are adequately addressed.
  • Awareness training: provide security awareness training, as necessary, for Lab49 employees, based on specific Lab49 requirements and risks.
  • Application security: work with Lab49 development teams to define policies, standards, and processes to ensure that information security requirements are considered and addressed through the entire software development lifecycle.
  • BCP/DR: ensure business continuity and disaster recovery plans are in place for Lab49, that the plans are tested regularly, and that updates are made as a result of such testing.
  • Other: execute other tasks as required by the Lab49 Head of Operations.

In addition, it is also expected that the person in this role will:

  • Execute ongoing, operational business-as-usual (BAU) tasks to meet management-defined KPIs and SLAs, and deliver security projects in line with management-defined priorities and deadlines.
  • Stay current with the latest security news, threats, intelligence, tactics, techniques, and vulnerabilities. Research and analyze new threats and vulnerabilities to determine exposure.
  • Assist and/or lead efforts to isolate, contain, respond to, and recover from security incidents.
  • Identify, review, prioritize, plan, coordinate, and follow up on the remediation of vulnerabilities.
  • Define, document, and follow approved processes for all the responsibilities included in this job description. Create and maintain documentation for systems, including design and operation.
  • Respond to information security-related inquiries and requests.
  • This role has the potential to include overnight, weekend, and 24x7 on-call activities (e.g. in the event of a security incident).

REQUIREMENTS

  • 10+ years of experience in information security, compliance, IT audit, general audit, or HR audit roles
  • Experience performing or complying with SOC 1, SOC 2, and ISO 27001 audits and certifications is preferred
  • The following general characteristics are required:
      o   Excellent written and verbal communication skills, including the ability to communicate with clients in a clear, concise, and professional manner
      o   A team player with the ability to work with and across multiple teams, and to work independently and unsupervised
      o   Ability to manage projects, own delegated tasks, see them through to completion and meet deadlines
      o   Ability to manage time and prioritize work to maximize productivity
      o   Excellent communication skills (both written and verbal)
      o   Exceptional attention to detail and quality
      o   Excellent problem-solving techniques and trouble analysis skills

  • Familiarity and experience with industry standards, certifications and audit control frameworks, such as ISO 27001, AICPA Trust Services Criteria (e.g. SOC 2), Shared Assessments Standard Information Gathering Questionnaire (SIG), Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM or CAIQ), including the following control topics:
      o   Information Security Policies
      o   Organization of Information Security
      o   Human Resource Security
      o   Asset Management
      o   Access Control
      o   Cryptography
      o   Physical and Environmental Security
      o   Operations Security
      o   Communications Security
      o   System Acquisition and Maintenance
      o   Supplier Relationships
      o   Security Incident Management
      o   Business Continuity Management
      o   Compliance
  • Experience with application security and secure coding best practices and frameworks such as OWASP SAMM, BSIMM and SDL for Agile
  • The ideal candidate will have one or more of the following certifications:
      o   ISACA certifications (e.g. CRISC, CGEIT, CISM, CISA)
      o   CISSP (Certified Information Systems Security Professional)
      o   ISO 27001 Lead Implementer or Lead Auditor
      o   PMI-RMP (Project Management Institute Risk Management Professional)
      o   CRMA (Certification in Risk Management Assurance)
      o   GRCP (Governance, Risk and Compliance Professional)
  • THIS ROLE IS REQUIRED TO WORK US ET BUSINESS HOURS (NIGHT SHIFT INDIA)

ION Group builds innovative software solutions that enhance trading and workflow automation for the financial services industry. We serve a diverse clientele, including corporations, central banks, and financial institutions, providing them with high-value analytics and strategic consulting. Our emphasis on transformative technology positions us as a key player in the evolving landscape of finance.

Founded: 1998
Employees: 500+
Industry: Internet Software & Services