GRC Consultant

Information Security Manager shall be primarily responsible to :

• Run and manage the BAU security infosec operations
• Create and maintain ISMS Policy and Process documents
• Ensure Infosec compliance with RBI and other regulatory agencies
• Participate in IT / Infosec Audits and ensure closure of observations within given timeliness
• Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations
• Identifying and evaluating new IT security technologies and services and implementing it
• Ensure cyber security related polices and technologies are in place
• Conducting regular Inforsec Awareness within users in the organization
• The person needs to work closely with the CISO and other stakeholders – Risk, IT and Audit teams.

Key Accountability:

• Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security
• Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level
• Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness
• Tracking and reporting key risk indicators defined for IT processes
• Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements
• Create / Review ISMS policy and process
• Implement Strategic IT Infosec projects to strengthen the overall IT Security posture

Compliance Officer the Senior/ Compliance Manager, Auditing, Monitoring and Investigations is responsible for the compliance monitoring and auditing activities in APAC. This position will also team with Chief Compliance Officer and APAC Compliance Officer to assist with compliance and ethics-related investigations within the APAC region.

PRINCIPAL RESPONSIBILITIES: · Create, manage, and oversee the annual APAC Compliance Program monitoring plan in coordination with local and regional commercial, CMA, legal, regulatory, and compliance personnel.

• Collect, maintain, and analyze data related to compliance trends identified through the execution of the annual compliance auditing and monitoring plan.
• Assist the APAC Compliance Officer in the execution of Corrective Action Plans (CAPs) and Prevention Plans (PPs), put in place based on trends identified in compiled compliance data.
• Report on an ad hoc periodic basis to the APAC Ethics and Compliance Commitee on the compliance monitoring and auditing systems, cases and trends.
• Assist the Compliance Officer with periodically measuring the effectiveness of the Client APAC Anticorruption compliance program and to develop as well as implement appropriate recommendations.
• Conducting auditing and monitoring activities, including transactional testing, Congresses/Tradeshows, Product Training and Education events and “ride along” monitoring in the field in support of the Local/Regional Compliance Officers.
• Assist with compliance and ethics related investigations, inspections and audits. Follow up on compliance and ethics related investigations to ensure timely implementation of recommendations.
• Coordinate and complete report activities to the APAC Compliance Officer on a periodic basis regarding compliance monitoring, auditing, tracking, and reporting obligations.
• Perform other duties as assigned or required to help ensure an effective Client Anticorruption Compliance Program in the APAC region.
• EDUCATION / EXPERIENCE REQUIREMENTS:
• A Bachelor’s degree is required, with a degree in Healthcare, Business, Accounting, Finance or related field being a plus.
• At least five to seven years of industry experience, preferably with a multinational organization similar to Client. Familiarity with laws and regulations associated with the above risks and related controls is required

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

• Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
• Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
• Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
• Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
• Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
• Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
• Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
• Ability to deal with the customers and vendors on Security and privacy matters.
• Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and hardworking.

• Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
• Should be at least ISO 27001 lead auditor or lead implementer. 
• 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

What you need to have:

Job Title: QA Associate 

Job Description:

1. Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
2. Coordinate improvement in the system through output from audit, management review, and responsible to close NC’s during audits.
3. Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.

3-5 years of relevant experience in Medical Devices Industry.

Area of Expertise:

• To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
• Maintaining and updating various documents like internal docs log, external log, , Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
• Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
• Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
• Manage all documentation related to internal and external audit.
• Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
• Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
• Co-ordination of Management Review Meetings & its action items implementation

Experience Required:

• 3-5 years of relevant experience in Medical Devices Industry.
• Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
• Ability to read and understand standard requirements independently.
• Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
• Good understanding of design control, and post marketing processes
• Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
• Working knowledge of an e-QMS is an added advantage.

Urgent Hiring Senior Manager Internal audit 

Location - Mumbai

Qualifications- CA/ ICWAI/ MBA in Finance.

Key Responsibilities -

• Contribute to the Internal Audit function by identifying risks associated with business objectives and evaluating the controls in place to mitigate those risks in order to improve the effectiveness of risk management, control, and governance processes.
• Conduct audit discussions with business management to identify the root cause to obtain sustainable management action plans.
• Preparation of a concise and informative audit report to effectively communicate the findings.
• Develop a risk-based test plan by selecting appropriate audit approach, test procedures and sampling criteria based on professional judgment and departmentally defined internal audit methodology.
• Perform audit tests and prepare board reports as may be required from time to time.
• Identification of Audit universe, risk assessment of audit entities development of the annual Internal Audit plan.
• Keep abreast on the change in risk environment within / outside the organization.

Desired Candidate - 

• Work experience of 4-5 years in internal audit department in banking/ financial services industry is mandatory.
• Ability to take ownership of the task assigned and work successfully under minimum supervision
• Possess a good eye for detail and ability to work effectively under pressure
• Candidate must be aware about data management via use of MIS, certain software
• Should be well versed in MS Excel & other office suite of products
• Excellent communication skills - verbal, and written (including report writing)

Interested candidates can apply asap.

thanks & regards 

Neetu Dhiman 

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

B. Aims & Goals:

You are required to work with all departments at Pelican to implement, enhance and improve ISMS, GDPR and ISAE 3402 processes. You will also be closely working with external auditor as well as top management for status and reporting.

C. Key Responsibilities:

Your primary responsibilities include:  Assist in audit planning, including the identification of processes for audit review.   Execute internal audit assignments for all locations in India, US, UK and NL. Review the effectiveness of the controls.   Identify and document audit issues and opportunities for improvement.  Prepare the audit report for internal audit assignments and discuss audit findings with senior management.   Monitor and maintain the CAPA program. Assist with follow up corrective actions and oversee timely completion.  Facilitate independent audit engagements on behalf of the company.  Assist to develop and implement process improvements and best practices across the business unit. Review policies and procedures for all areas of the business.  Develop new policies and procedures as directed or required, to improve and to collect and analyse data for review with internal stakeholders.  Take responsibility for the management and execution of internal audit assignments, production of audit reports and management of follow up actions  Involved with working across all areas of the business to ensure that processes are documented and compliant to the company’s requirements.

D. Experience level & Qualification:

a. Experience Level  4 to 5 yrs

b. Educational background  B.E / B.Sc / B.com / Bachelor’s Degree  Holds ISO 27001:2013 Certification

E. Essential Skills:  Should have participated in ISMS (ISO 27001:2013) implementation and certification process.