Information Security Manager shall be primarily responsible to :
- Run and manage the BAU security infosec operations
- Create and maintain ISMS Policy and Process documents
- Ensure Infosec compliance with RBI and other regulatory agencies
- Participate in IT / Infosec Audits and ensure closure of observations within given timeliness
- Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations
- Identifying and evaluating new IT security technologies and services and implementing it
- Ensure cyber security related polices and technologies are in place
- Conducting regular Inforsec Awareness within users in the organization
- The person needs to work closely with the CISO and other stakeholders – Risk, IT and Audit teams.
Key Accountability:
- Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security
- Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level
- Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness
- Tracking and reporting key risk indicators defined for IT processes
- Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements
- Create / Review ISMS policy and process
- Implement Strategic IT Infosec projects to strengthen the overall IT Security posture
About CyberNX Technologies
Similar jobs
What are we looking for?
An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.
Key Responsibilities & expectations from the candidate
- Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
- Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
- Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
- Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
- Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
- Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
- Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
- Ability to deal with the customers and vendors on Security and privacy matters.
- Knowledge of Core IT processes, SDLC, network infrastructure will be useful.
Personal Attributes
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues
- Ability to present ideas in business-friendly and user-friendly language.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Highly self-motivated and hardworking.
Qualification and certification
- Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
- Should be at least ISO 27001 lead auditor or lead implementer.
- 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.
What can you look for?
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.
We are
Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.
Job Title: QA Associate
Job Description:
- Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
- Coordinate improvement in the system through output from audit, management review, and responsible to close NC’s during audits.
- Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.
3-5 years of relevant experience in Medical Devices Industry.
Area of Expertise:
- To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
- Maintaining and updating various documents like internal docs log, external log, , Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
- Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
- Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
- Manage all documentation related to internal and external audit.
- Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
- Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
- Co-ordination of Management Review Meetings & its action items implementation
Experience Required:
- 3-5 years of relevant experience in Medical Devices Industry.
- Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
- Ability to read and understand standard requirements independently.
- Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
- Good understanding of design control, and post marketing processes
- Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
- Working knowledge of an e-QMS is an added advantage.
Qualifications & Responsibilities
Year of Experience : 3- 8 yrs
Location : Bangalore, Delhi, Mumbai, Pune
Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.
- Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.
- Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements
- Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk
- Conduct Information Systems audits covering IT infrastructure assets
- Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection
- Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.
- Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred
Why NCG?
WHO WE ARE DRIVES WHAT WE DO!
We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.
Are you a Doer or Achiever?
Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.
Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!
B. Aims & Goals:
You are required to work with all departments at Pelican to implement, enhance and improve ISMS, GDPR and ISAE 3402 processes. You will also be closely working with external auditor as well as top management for status and reporting.
C. Key Responsibilities:
Your primary responsibilities include: Assist in audit planning, including the identification of processes for audit review. Execute internal audit assignments for all locations in India, US, UK and NL. Review the effectiveness of the controls. Identify and document audit issues and opportunities for improvement. Prepare the audit report for internal audit assignments and discuss audit findings with senior management. Monitor and maintain the CAPA program. Assist with follow up corrective actions and oversee timely completion. Facilitate independent audit engagements on behalf of the company. Assist to develop and implement process improvements and best practices across the business unit. Review policies and procedures for all areas of the business. Develop new policies and procedures as directed or required, to improve and to collect and analyse data for review with internal stakeholders. Take responsibility for the management and execution of internal audit assignments, production of audit reports and management of follow up actions Involved with working across all areas of the business to ensure that processes are documented and compliant to the company’s requirements.
D. Experience level & Qualification:
a. Experience Level 4 to 5 yrs
b. Educational background B.E / B.Sc / B.com / Bachelor’s Degree Holds ISO 27001:2013 Certification
E. Essential Skills: Should have participated in ISMS (ISO 27001:2013) implementation and certification process.