Compliance Analyst / Sr. Compliance Analyst

Job Title: Technical Architect Security

Location: Work From Home

Department: Security 

Reports to: Associate Director - Technology

Job Type: Full-Time

Website: https://deliverysolutions.co/

Delivery Solutions is a Retail eCommerce OXM Platform that provides retailers with out-of-the-box solutions to power Same-Day Delivery, Curbside, In-Store Pickup, Shipping, and post-purchase experiences. We are trusted with some of the biggest names in multiple verticals of retail like Sephora, AT&T, Footlocker, Michael's, Office Depot, GameStop, Total Wine, Sally Beauty, Abercrombie & Fitch Co. Belk, Loblaw, Vineyard Vines etc.

Our SAAS-based solution is highly flexible and interacts seamlessly with E-commerce properties, OMS, WMS, and POS systems for a highly scalable experience and a delighted customer base.

Delivery Solutions is a wholly-owned subsidiary of UPS | We are a certified Great Places To Work Company

Job Overview: As a Technical Architect of security, you will be responsible for leading and managing our Information Security Operations team. You will safeguard our organization's information assets by developing, implementing, and maintaining security processes and protocols. Ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO, SOC2, HIPAA, GDPR) i.e. monitor changes in compliance regulations, adjust policies and procedures as necessary, and oversee the development and implementation of privacy policies and procedures to protect personal data. This role demands a blend of technical expertise and leadership skills to ensure the security and integrity of our systems, networks, and data.

Key Responsibilities:

Technical Responsibilities:

Policy Development and Enforcement

• Develop, implement, and enforce comprehensive security and privacy policies.
• Regularly review and update policies to reflect evolving threats and regulatory requirements.
• Audit adherence to these policies across the organization

Security Operations Centre:

• Oversee the daily operations of the information security team, ensuring that all security policies, procedures, and protocols are effectively implemented and maintained.
• Lead the development and implementation of security measures, including firewalls, intrusion detection systems, and encryption protocols.

Incident Response:

• Manage and respond to security incidents, providing timely and effective resolution.
• Conduct thorough investigations of security breaches and take appropriate corrective actions.

Vulnerability Management:

• Conduct regular security assessments and vulnerability scans to identify potential threats.
• Recommend remediation strategies to address identified vulnerabilities.

Compliance and Audits:

• Develop policies based on industry best practices and implement the policies defined.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., ISO, SOC2, HIPAA, GDPR).
• Coordinate and support internal and external security audits.

Privacy:

• Be updated on the privacy laws where the company and customers operate
• Ensure the company’s processing activities comply with privacy laws

Functional Responsibilities:

Strategic Planning and Development:

• Collaborate with senior management to develop and implement the overall information security strategy.
• Identify and prioritize security initiatives and projects based on risk assessment and business impact.

Team Leadership and Development:

• Resource management, planning and execution, and stakeholder communication.
• Planning execution of various projects in the domain of security and privacy
• Lead, mentor, and develop a team of security professionals, fostering a culture of continuous improvement and professional growth.
• Conduct performance evaluations and provide constructive feedback to team members.

Cross-Department Collaboration:

• Work closely with IT, legal, marketing, and other departments to ensure cohesive security practices across the organization.
• Serve as a key advisor to the Associate Directors and other executives on security and privacy matters.
• Coordination and provide updates to Delivery Solutions' parent organization on security initiatives.

Risk Management:

• Identify, assess, and mitigate information security risks.
• Develop and maintain a risk management program that aligns with the organization’s objectives.

Security Awareness and Training:

• Develop and deliver security awareness training programs to educate employees on security best practices and emerging threats.
• Promote a security-conscious culture throughout the organization.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Information Security, or a related field. Master’s degree or professional certifications (CISSP, CISM, etc.) preferred.
• Experience: Minimum of 7-10 years of experience in information security, governance, and audit processes, with at least 3-5 years in a management or leadership role. Have worked as an auditor for ISO / SOC2 and other frameworks
• Technical Skills: Experience in setting up a framework and conducting privacy and security audits.Conducting training and awareness, proficiency in security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, endpoint protection), strong understanding of network security, cryptography, and risk management frameworks.
• Functional Skills: Strong leadership and team management skills, excellent communication and interpersonal abilities, experience in strategic planning and project management.
• Personal Attributes: Strong analytical and problem-solving skills, high ethical standards, ability to work under pressure and manage multiple priorities.

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

About Us 

Rezo.ai is an AI-Powered Contact Centre that enables enterprises to enhance customer experience and boost revenue by automating and analyzing customer agent interactions across multiple channels including voice, email, chat/WhatsApp, and social, at the required scale, whilst training agents with minimal costs 

How do we do it 

Rezo’s AI-Powered contact center leverages ground-breaking technologies in AI, ML, ASR, NLP, RPA, and predictive intelligence to transform customer experience and reduce costs by automating, analyzing social media, whilst coaching them.

Overview

Providing leadership in the information security space, helping ensure ISO and GDPR certification, and establishing, maintaining, and enforcing our security policies. Working closely with our business and technology teams to ensure awareness and adherence to the policies and procedures established.

To ensure that the security solutions being designed and delivered are aligned with the enterprise security architecture, supporting the transition of the security architecture from its current to its planned future state.

To lead and provide strategic oversight to ensure and assure the beneficial and cost-effective security change across key accounts, through the evaluation of business strategies and requirements providing advice, guidance and assurance.

Role & Responsibility

• Provide security advice and guidance to business and delivery teams ensuring solutions are consistent with the enterprise security roadmap whilst balancing business values and security risk.
• Recommend changes to IT systems to bring them into compliance with security policy, standards, blueprints and roadmaps.
• Influence stakeholders to adopt architecturally sound approaches to the management of risk.
• Advise on the translation of business requirements into secure IT solutions and migration roadmaps.
• Preparation and documentation of standard security operating procedures and protocols
• Recommend technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Advise on alternate solutions and countermeasures to mitigate identified information risks.
• Provide assurance that identified solutions or countermeasures mitigate identified information risks.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
• Keeps users and businesses informed by preparing performance reports; communicating system status, and owning security incidents when they arise.

Technical Skills Required

• Proven experience in the design, implementation and operation of scaled IT security services and capabilities, ideally within a large government organization or complex large-scale multi-supplier organization.
• Strong technical aptitude and exposure to ISO 27001 or similar-based security policies and standards.
• Excellent communication skills, with the ability to articulate complex technical issues into business-focused terms and communicate with Stakeholders.
• Knowledge of GDPR, its business implications and the merits of various technical approaches
• Expertise in IT security risk in a business context
• Exposure to web application security and penetration testing.
• Exposure to securing the software development life cycle and to project management disciplines.
• Excellent organizational and technical documentation skills.
• Strong understanding of Information Security including threats, attacks, and vulnerability management.
• Deep understanding of secure development practices, with practical experience of cyber security, privacy protection, cloud security, identity management, situations awareness, protective monitoring, security operations, risk management and reporting.

Excellent understanding of ISO 270001 processes, IT systems infrastructure and best practices.

Working experience in emerging technologies like MS Azure, O365, SharePoint Online, Virtualization. 

Strong hands on experience on Fortinet, Cyberoam Firewall, Vlans, Active Directory & Domain Controller migrations.

Should have prior experience in Server, Network, OS Hardening/fine tuning of Security parameters/Infrastructure audits.

Excellent working knowledge of computer systems, security, network and systems administration, databases, NMS tool, data storage systems, CCTV and phone systems.

Able to configure Group Policies and Printer Management Able to connect machine to the Domain Controller Able to Install through Domain Controller.

Ability to Install and Configure Symantec/ Kaspersky Endpoint Security, Antivirus in Network and Standalone Environment.

Excellent communication and documentation skills.

Worked on SAN & NAS.

Job Brief:

You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).

As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance. 

Key Responsibilities:

• Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls

• Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements

• Maintain the data protection terms agreed with customers in a contract management software

• Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors

• Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.

• Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance

• To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering

• Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders

• Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements

• Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform

• Undertake all other reasonable and related tasks associated with this role
  
  

Desired Qualification:

• 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms

• Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.

• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred

• Specialist knowledge in a relevant area, e.g., data security and individual rights requests

• Excellent communication, interpersonal, project management, and issue resolution skills

• Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team

• Experience in managing privacy audits and risk management processes

• Demonstrated ability to learn quickly, take the initiative, and drive complex projects

Job description- Information Security(Financial)

Roles and Responsibilities

HTC Global Security Delivery Centre will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• As part of the companyC Global cyber security consulting team, individual’s primary role would be to be a part of ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS, Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements.
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
• Will assist in developing proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant HTC Territory teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ or equivalent and other relevant qualification/certification
• Experience : 3-5 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Sound knowledge of Internal financial Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge of General Leger / Balance Sheet / Journal Entry / Budgeting / Financial fraud
• Sound knowledge on business controls and process controls. Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

• Establish, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Conduct regular internal audits in compliance with applicable legal and contractual requirements, ISO 27001 and PCI DSS requirements and companies internal requirements
• Conduct regular Management reviews and update the management on information security aspects. The MRMs shall also focus on drawing Management attentions to the key areas for required management actions.
• CISO is also responsible to ensure customer audits as well as re-certification and surveillance audits and successful.
• Coordinate with relevant stakeholders to address the NC closures.
• CISO shall ensure the information incidents are responded and resolved on time to ensure compliance with legal and contractual requirements.

• Degree in business administration or a technology-related field required.
• Professional security management certification
• Minimum of 5 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and PCI DSS.
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services.
• Specific experience in Agile (scaled) software development or other best in class development practices.
• Experience with Cloud computing/Elastic computing across virtualized environments.