ISO AUDITOR

Information Security Manager shall be primarily responsible to :

• Run and manage the BAU security infosec operations
• Create and maintain ISMS Policy and Process documents
• Ensure Infosec compliance with RBI and other regulatory agencies
• Participate in IT / Infosec Audits and ensure closure of observations within given timeliness
• Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations
• Identifying and evaluating new IT security technologies and services and implementing it
• Ensure cyber security related polices and technologies are in place
• Conducting regular Inforsec Awareness within users in the organization
• The person needs to work closely with the CISO and other stakeholders – Risk, IT and Audit teams.

Key Accountability:

• Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security
• Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level
• Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness
• Tracking and reporting key risk indicators defined for IT processes
• Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements
• Create / Review ISMS policy and process
• Implement Strategic IT Infosec projects to strengthen the overall IT Security posture

We are looking for a capable System Administrator to take over all aspects of the configuration and maintenance of computer systems. A System Admin should be able to diagnose and resolve problems quickly and should have the patience to communicate with a variety of interdisciplinary teams and users.

Monitoring and reporting all points mentioned below.

Ensure Security updates are installed:

• Regularly checking whether the Antivirus software is updated for users.
• Regularly monitor platforms like Google to ensure everybody is using up-to-date applications with no security issues.
• Regularly Email users about the security updates that they need to install on their laptops and PCs.

Antivirus

Centrally managed antivirus should be installed on all laptops and mobile devices. 

• Adding a purchase request for any additional licence that we might require.
• Pushing new software updates on users’ laptops.
• Keeping up-to-date with antivirus updates so all our devices are secure.
• Miradore user agent 

Mobile device and access management

• Set rules and configure settings on personal and organisation-owned devices to access data and networks.
• Deploy and authenticate apps on devices -- on-premises and mobile.
• Protect company data by controlling the way users access and share information.
• Make sure devices and apps are compliant with security requirements.
• Only provide user access to laptops (No admin access, excluding developers)
• All new software installation requests will go through the system admin to make sure nothing is installed on work laptops that poses a security risk.

Vanta compliance-related tickets

• Vanta will continue to monitor and create issues to be compliant with ISO 27K over time. The system administrator must resolve all such system-related tickets.

Access management to different user applications

• Access should be restricted to only what is necessary to perform job duties ("principle of least privilege").
• Technical access to all the company’s networks must be formally documented, including the standard role for approver, grantor, and date.
• Only authorised employees and third parties working off a signed contract or statement of work, with a business need, shall be granted access to the company’s production networks.
• The company’s guests may be granted access to guest networks after registering with office staff without a documented request - guest network management.

Removal media encryption

• Research removable media encryption and figure out if removable media should be implemented and make sure it is always encrypted.

MFA reset and debugging

As we are enabling MFA for more and more applications that we have, more people are likely to have issues with it as the business moves forward. 

• Different online applications will have different ways of handling the MFA reset; a system admin should be familiar with all.

Website watcher configuration and email issues

• Software like Website Watcher keeps having email issues, as it sends emails in huge numbers every day. The system administrator must keep an eye on the emails and fix issues promptly as and when they arise.

Office network management

• System admin can help in creating guest networks in the office and making sure that the network is as secure as possible.

Phishing emails

• Finding the optimal solution to prevent phishing emails from getting delivered.
• Verifying emails sent by our staff to check for phishing emails.

Security incidents handling

• System admin must monitor incident and event tickets and assign severity tickets.
• Continuous checks to ensure the security incident policies are being followed and up to date
• A root cause analysis report must be documented and referenced in incident tickets.
• A central "War Room" will be designated for handling security threats. This may be a physical or virtual location  (i.e., Slack channel) and managed by the system admin.
• Conducting recurring Incident Response Meetings until the incident is resolved (as per the company's established norms)

Implement password policy

• Password policy must be in place to ensure that users are using secure passwords that are not easily crackable.

Add-ons:

• Devops is a plus point

1.      Core Responsibilities

·      Review, suggest and implement enhancements/Bug fixes to the ServiceNow platform.

·      Work closely with other IT teams to help implement integrations from other platforms(like Monitoring tools: Nagios, Prometheus, Sematext, Dynatrace etc., )  into the ServiceNow ecosystem.

·      Attend important business meetings to gather information around projects pertaining to ServiceNow.

·      Help to maintain and improve the CMDB by collaborating with key stakeholders to ensure the correct data is being maintained.

·      Help to manage the platform to ensure a reliable seamless user experience.

·      Develop and maintain service catalogue items by collaborating with key stakeholders across the business.

·      Support the banks audit requirements around the ServiceNow platform by helping to provide reports and audits as required.

·      Support audit requirements and compliance to standards

·      Should have knowledge on creating customized Dashboards & Reports

·      Automation using ServiceNow (like Major Incident Management, Incident Reduction, Problem Management etc.,) , if any

·      Should be able to drive Service Improvement Plan’s in optimizing ServiceNow platform on their own

·      Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations.

2.      Experience Requirements

Essential:

·      4 to 6 years previous experience in ServiceNow administration OR Technical work on ServiceNow design and implementation is essential

·      4 to 6 years previous experience in delivering ServiceNow projects (new modules, improvements, enhancements etc.) is essential

·      4 to 6 years previous experience or equivalent qualification in Service Now ITSM & ITOM is essential

·      8 to 10 years overall experience in IT is essential

Desirable

·      3 to 5 years’ experience in orchestration, service mapping is desirable

3.      Knowledge Requirements

Essential

·      Very good knowledge of Incident Management, Request Fulfilment, Change Management, Problem Management processes

·      Very good knowledge of ITSM and ITOM practices is essential

·      Detailed knowledge of the ITIL/ITSM Best practices is essential

Desirable

·      Good understanding of CSDM is desirable

·      Good knowledge of the ISO 20K, 27K, 9K is desirable

·      Basic knowledge of IT Infrastructure technologies used in a banking domain in desirable

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

• Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
• Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
• Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
• Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
• Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
• Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
• Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
• Ability to deal with the customers and vendors on Security and privacy matters.
• Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and hardworking.

• Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
• Should be at least ISO 27001 lead auditor or lead implementer. 
• 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Network Admin

What is the role?

As the IT/System administrator, you will oversee and maintain all aspects of the company’s computer infrastructure including desktop support, maintaining network, servers and security programs and systems. Your goal will be to ensure that our technology infrastructure runs smoothly and efficiently.

Key responsibilities

• From servers to security programs, review all computer systems to ensure that all aspects are operating efficiently.
• Troubleshoot problems, configure hardware and software, implement back up processes including disaster recovery and failover procedures and assess systems for upgrades or replacement.
• Install new systems, assess, and implement upgrades as needed, create passwords, and run checks for viruses and spyware.
• Provide desktop support to the employees and manage the IT helpdesk.
• Build an internal wiki with technical documentation, manuals, and IT policies.
• Responsible for capacity, storage planning, and database performance.
• Diagnosing, verifying, recording, and reporting downtime and providing immediate notification for all incidents.
• Represent the IT department during various internal and external ISMS and Quality audits.
• Maintaining the register of all the IT Assets, Including hardware's and Software's.
• Familiar with the mail security, web browsing protection, Endpoint security, data recovery, backup and Active Directory.
• Maintain procedures and reports that provide technical support to the entire organization.
• Support the implementation of new solutions or applications for the organization. 
• Knowledge about Incident management, access control, Log monitoring, VPN, VAPT and Password management.

What are we looking for?

• 5+ years of database, network administration, or system administration experience.
• Strong communication, organizational, problem-solving and time management skills.
• Ability to work independently and apply analytical skills.
• Familiarity with various operating systems and platforms.
• BSc/BA in Information Technology, Computer Science, or a related discipline.
• Professional System administration / IT certifications in Linux, Microsoft, or other network related fields are a plus.
• A proven track record of developing and implementing IT strategy and plans.
• Strong knowledge of implementing and effectively developing helpdesk and IT operations best practices, including expert knowledge of security, storage, data protection, and disaster recovery protocols.
• Prior experience of working on ISMS, GDPR & SOC guidelines of IT Infra and security.

Whom will you work with?

This is an individual contributor role and you will be reporting to the Head – HR & Admin.

What can you look for?

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain quality on content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

We are

A fast-growing SaaS commerce company based in Bangalore with offices in Delhi, Mumbai, SF, Dubai, Singapore, and Dublin. We have three products in our portfolio: Plum, Empuls and Compass. Xoxoday works with over 1000 global clients. We help our clients in engaging and motivating their employees, sales teams, channel partners or consumers for better business results.

Way forward

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Job Title: QA Associate 

Job Description:

1. Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
2. Coordinate improvement in the system through output from audit, management review, and responsible to close NC’s during audits.
3. Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.

3-5 years of relevant experience in Medical Devices Industry.

Area of Expertise:

• To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
• Maintaining and updating various documents like internal docs log, external log, , Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
• Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
• Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
• Manage all documentation related to internal and external audit.
• Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
• Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
• Co-ordination of Management Review Meetings & its action items implementation

Experience Required:

• 3-5 years of relevant experience in Medical Devices Industry.
• Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
• Ability to read and understand standard requirements independently.
• Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
• Good understanding of design control, and post marketing processes
• Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
• Working knowledge of an e-QMS is an added advantage.

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!