Chief Information Security Officer- CISO

At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.

We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.

We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.

About the role

As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –

• Managing security aspects of the Cloud Infrastructure 
• Designing and Implementing Security measures, Incident Response guidelines 
• Conducting Security Awareness Training
• Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting 
• Developing automation and performing routine VAPT for Network and Applications
• Integrating with 3rd party vendors for the services required to improve security posture 
• Mentoring people across the teams to enable best practices 

What will you do if you join us?

• Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org 
• Take Ownership of existing, ongoing, and future DevSecOps initiatives 
• Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
• Build Automation stack and tools for security pipeline 
• Integrate different security measures and pipelines with the SIEM tool
• Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
• Introduce and Implement best practices across teams for a great security posture in the org

You should have

• Curiosity for on-the-job learning and experimenting with new technologies and ideas
• A strong background in Linux environment
• Proven experience in Architecting networks with security first implementation
• Experience with VAPT tooling for Networks and Applications is required 
• Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud 
• Experience with at least one scripting language (Ruby/Python/Groovy)
• Experience in Terraform is highly desirable but not mandatory
• Some experience with Kubernetes, and Docker is required 
• Understanding Java web applications and monitoring them for security vulnerabilities would be a plus 
• Any other DevSecOps-related experience will be considered

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

Job Brief:

You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).

As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance. 

Key Responsibilities:

• Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls

• Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements

• Maintain the data protection terms agreed with customers in a contract management software

• Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors

• Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.

• Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance

• To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering

• Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders

• Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements

• Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform

• Undertake all other reasonable and related tasks associated with this role
  
  

Desired Qualification:

• 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms

• Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.

• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred

• Specialist knowledge in a relevant area, e.g., data security and individual rights requests

• Excellent communication, interpersonal, project management, and issue resolution skills

• Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team

• Experience in managing privacy audits and risk management processes

• Demonstrated ability to learn quickly, take the initiative, and drive complex projects

• Working closely with the external auditors to achieve common goals
• Conducting Enabling Service Audit (HR, Admin, IT) once in 6 months for the verification of ISMS & QMS Standards
• Performing ISMS and Internal Audit
• Being part of the external Audits (ISMS, QMS & CMMI)
• Managing of implementation of ISMS

Desired Candidate Profile

• Strong communication and team building skills with proficiency at grasping new technical concepts quickly and utilizing the same in a productive manner
• Experience in ISO27001, Internal Audits, CMMI    

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com