14+ ISO/IEC 27001:2005 Jobs in India

Information Security Manager shall be primarily responsible to :

• Run and manage the BAU security infosec operations
• Create and maintain ISMS Policy and Process documents
• Ensure Infosec compliance with RBI and other regulatory agencies
• Participate in IT / Infosec Audits and ensure closure of observations within given timeliness
• Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations
• Identifying and evaluating new IT security technologies and services and implementing it
• Ensure cyber security related polices and technologies are in place
• Conducting regular Inforsec Awareness within users in the organization
• The person needs to work closely with the CISO and other stakeholders – Risk, IT and Audit teams.

Key Accountability:

• Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security
• Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level
• Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness
• Tracking and reporting key risk indicators defined for IT processes
• Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements
• Create / Review ISMS policy and process
• Implement Strategic IT Infosec projects to strengthen the overall IT Security posture

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Joining requirement: - Not later than second week of June 2023.

Requirements: -

1.      Mandatory - ISO 27001:2013 lead implementor certified

2.      Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)

3.      Good to have – CISA, CISM, Risk management certification, Privacy certifications.

4.      Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.

5.      This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.

6.      Good documentation skills.

7.      Develop, implement, maintain, review and continually improve Information Security policies.

8.      Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.

9.      Manage and maintain a risk register / risk database along with risk treatment plans.

10.  Good understanding of physical and environmental security.

11.  Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.

12.  Provide training to the employees on Privacy & Information Security Management System on regular intervals.

13.  The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.

14.  Mandatory: Good verbal and written communication skills. Eye for details.

15.  Good presentation skills.

16.  Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

1) Determine client needs and expectations and participate in the development of the overall client service plan. Analyse, develop, and implement information security programs, including organizational design and key processes for our clients as per plans

2)Design and develop cyber security strategies and programs for large and complex organizations

3)Define and implement cyber risk management structures, governance models, organizational transformations in the areas of cyber security

4)Develop security policies, processes, procedures. Map controls and compliance requirements. Responsible for risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy development.

4)Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance

5)Develop and tailor approaches, methods and tools to support clients cyber risk programs and initiatives

6)Provide strategic and operational advice in the areas of safeguarding critical information. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. 7)Evaluate, implement and operationalize security controls, define metrics for measure performance and establish a framework for continuous monitoring and improvement and Play substantive role in internal and external client relationship and communication

8)Interact with CxOs to define the roadmap for GRC strategy.

9Help build Cyber Transformation practice by getting involved in areas beyond engagement delivery such as pre-sales, RFP response, solution designing, competency development and Go to market strategies

10)Create or help create though leadership content in the emerging areas of Cyber Strategy and Risk Transformation .

Immediate Joiners

About Us 

Rezo.ai is an AI-Powered Contact Centre that enables enterprises to enhance customer experience and boost revenue by automating and analyzing customer agent interactions across multiple channels including voice, email, chat/WhatsApp, and social, at the required scale, whilst training agents with minimal costs 

How do we do it 

Rezo’s AI-Powered contact center leverages ground-breaking technologies in AI, ML, ASR, NLP, RPA, and predictive intelligence to transform customer experience and reduce costs by automating, analyzing social media, whilst coaching them.

Overview

Providing leadership in the information security space, helping ensure ISO and GDPR certification, and establishing, maintaining, and enforcing our security policies. Working closely with our business and technology teams to ensure awareness and adherence to the policies and procedures established.

To ensure that the security solutions being designed and delivered are aligned with the enterprise security architecture, supporting the transition of the security architecture from its current to its planned future state.

To lead and provide strategic oversight to ensure and assure the beneficial and cost-effective security change across key accounts, through the evaluation of business strategies and requirements providing advice, guidance and assurance.

Role & Responsibility

• Provide security advice and guidance to business and delivery teams ensuring solutions are consistent with the enterprise security roadmap whilst balancing business values and security risk.
• Recommend changes to IT systems to bring them into compliance with security policy, standards, blueprints and roadmaps.
• Influence stakeholders to adopt architecturally sound approaches to the management of risk.
• Advise on the translation of business requirements into secure IT solutions and migration roadmaps.
• Preparation and documentation of standard security operating procedures and protocols
• Recommend technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Advise on alternate solutions and countermeasures to mitigate identified information risks.
• Provide assurance that identified solutions or countermeasures mitigate identified information risks.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
• Keeps users and businesses informed by preparing performance reports; communicating system status, and owning security incidents when they arise.

Technical Skills Required

• Proven experience in the design, implementation and operation of scaled IT security services and capabilities, ideally within a large government organization or complex large-scale multi-supplier organization.
• Strong technical aptitude and exposure to ISO 27001 or similar-based security policies and standards.
• Excellent communication skills, with the ability to articulate complex technical issues into business-focused terms and communicate with Stakeholders.
• Knowledge of GDPR, its business implications and the merits of various technical approaches
• Expertise in IT security risk in a business context
• Exposure to web application security and penetration testing.
• Exposure to securing the software development life cycle and to project management disciplines.
• Excellent organizational and technical documentation skills.
• Strong understanding of Information Security including threats, attacks, and vulnerability management.
• Deep understanding of secure development practices, with practical experience of cyber security, privacy protection, cloud security, identity management, situations awareness, protective monitoring, security operations, risk management and reporting.

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

• Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
• Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
• Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
• Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
• Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
• Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
• Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
• Ability to deal with the customers and vendors on Security and privacy matters.
• Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and hardworking.

• Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
• Should be at least ISO 27001 lead auditor or lead implementer. 
• 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

The Role

We are looking foran Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST,etc. and ensure highest levels of security around sensitive data.

• Identifying new risks and performing risk assessments.
• Performing continuous gap analysis.
• Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
• Providing advice and implementing forward-thinking information security policies, procedures, and standards.
• Assisting several teams (internal and external) with best practicesand security consultations.
• Supporting with other information security activities as assigned.
• Ensuring the organizational compliance during audits and certification efforts.

Requirements:

• Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
• Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
• Experience in InfoSec policy creation and documentation.
• Ability to understand technology and pertaining risks.
• Knowledge on IT, Servers, SDLC, Database, etc.
• Experience working with / securing cloud-based applications is an add-on.
• 2+ years of experience.
• Excellent written and verbal communication skills.
• Relevant Security Certifications will be a good add-on.

Job Title: QA Associate 

Job Description:

1. Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
2. Coordinate improvement in the system through output from audit, management review, and responsible to close NC’s during audits.
3. Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.

3-5 years of relevant experience in Medical Devices Industry.

Area of Expertise:

• To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
• Maintaining and updating various documents like internal docs log, external log, , Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
• Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
• Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
• Manage all documentation related to internal and external audit.
• Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
• Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
• Co-ordination of Management Review Meetings & its action items implementation

Experience Required:

• 3-5 years of relevant experience in Medical Devices Industry.
• Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
• Ability to read and understand standard requirements independently.
• Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
• Good understanding of design control, and post marketing processes
• Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
• Working knowledge of an e-QMS is an added advantage.

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• Establish, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Conduct regular internal audits in compliance with applicable legal and contractual requirements, ISO 27001 and PCI DSS requirements and companies internal requirements
• Conduct regular Management reviews and update the management on information security aspects. The MRMs shall also focus on drawing Management attentions to the key areas for required management actions.
• CISO is also responsible to ensure customer audits as well as re-certification and surveillance audits and successful.
• Coordinate with relevant stakeholders to address the NC closures.
• CISO shall ensure the information incidents are responded and resolved on time to ensure compliance with legal and contractual requirements.

• Degree in business administration or a technology-related field required.
• Professional security management certification
• Minimum of 5 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and PCI DSS.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.

B. Aims & Goals:

You are required to work with all departments at Pelican to implement, enhance and improve ISMS, GDPR and ISAE 3402 processes. You will also be closely working with external auditor as well as top management for status and reporting.

C. Key Responsibilities:

Your primary responsibilities include:  Assist in audit planning, including the identification of processes for audit review.   Execute internal audit assignments for all locations in India, US, UK and NL. Review the effectiveness of the controls.   Identify and document audit issues and opportunities for improvement.  Prepare the audit report for internal audit assignments and discuss audit findings with senior management.   Monitor and maintain the CAPA program. Assist with follow up corrective actions and oversee timely completion.  Facilitate independent audit engagements on behalf of the company.  Assist to develop and implement process improvements and best practices across the business unit. Review policies and procedures for all areas of the business.  Develop new policies and procedures as directed or required, to improve and to collect and analyse data for review with internal stakeholders.  Take responsibility for the management and execution of internal audit assignments, production of audit reports and management of follow up actions  Involved with working across all areas of the business to ensure that processes are documented and compliant to the company’s requirements.

D. Experience level & Qualification:

a. Experience Level  4 to 5 yrs

b. Educational background  B.E / B.Sc / B.com / Bachelor’s Degree  Holds ISO 27001:2013 Certification

E. Essential Skills:  Should have participated in ISMS (ISO 27001:2013) implementation and certification process.