Information Security Manager

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

• Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
• Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
• Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
• Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
• Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
• Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
• Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
• Ability to deal with the customers and vendors on Security and privacy matters.
• Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues
• Ability to present ideas in business-friendly and user-friendly language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Highly self-motivated and hardworking.

• Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
• Should be at least ISO 27001 lead auditor or lead implementer. 
• 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Job Title: QA Associate 

 

Job Description:

1. Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
2. Coordinate improvement in the system through output from audit, management review, and responsible to close NC’s during audits.
3. Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.

 

3-5 years of relevant experience in Medical Devices Industry.

 

 

Area of Expertise:

• To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
• Maintaining and updating various documents like internal docs log, external log, , Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
• Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
• Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
• Manage all documentation related to internal and external audit.
• Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
• Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
• Co-ordination of Management Review Meetings & its action items implementation

 

Experience Required:

• 3-5 years of relevant experience in Medical Devices Industry.
• Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
• Ability to read and understand standard requirements independently.
• Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
• Good understanding of design control, and post marketing processes
• Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
• Working knowledge of an e-QMS is an added advantage.

Qualifications & Responsibilities

 

Year of Experience : 3- 8 yrs

 

Location : Bangalore, Delhi, Mumbai, Pune

 

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

 

Why NCG?

 

WHO WE ARE DRIVES WHAT WE DO!

 

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

 

Are you a Doer or Achiever?

 

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

 

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

B. Aims & Goals:

You are required to work with all departments at Pelican to implement, enhance and improve ISMS, GDPR and ISAE 3402 processes. You will also be closely working with external auditor as well as top management for status and reporting.

 

C. Key Responsibilities:

Your primary responsibilities include:  Assist in audit planning, including the identification of processes for audit review.   Execute internal audit assignments for all locations in India, US, UK and NL. Review the effectiveness of the controls.   Identify and document audit issues and opportunities for improvement.  Prepare the audit report for internal audit assignments and discuss audit findings with senior management.   Monitor and maintain the CAPA program. Assist with follow up corrective actions and oversee timely completion.  Facilitate independent audit engagements on behalf of the company.  Assist to develop and implement process improvements and best practices across the business unit. Review policies and procedures for all areas of the business.  Develop new policies and procedures as directed or required, to improve and to collect and analyse data for review with internal stakeholders.  Take responsibility for the management and execution of internal audit assignments, production of audit reports and management of follow up actions  Involved with working across all areas of the business to ensure that processes are documented and compliant to the company’s requirements.

 

D. Experience level & Qualification:

a. Experience Level  4 to 5 yrs

 

b. Educational background  B.E / B.Sc / B.com / Bachelor’s Degree  Holds ISO 27001:2013 Certification

 

E. Essential Skills:  Should have participated in ISMS (ISO 27001:2013) implementation and certification process.

• To drive and facilitate process improvement initiatives (LSS, BPR) and facilitate internal & external ISO and ISMS quality audits • Responsible for planning, organizing and managing the overall activities of audits • Conduct audits, including closing out audit findings, creating audits finding reports and determine proper corrective and preventive actions. • Interacting with business stakeholders and assisting in establishing, implementing, maintaining and improving the QMS. • Create and maintain company quality documentation, such as quality manuals, quality procedures, etc. • Develop and conduct training to build quality awareness. • Provide process consultancy to functional managers / project managers / lead. • Structured data collection and preparation of QA reports • Ensure timely resolution of corrective and preventive actions.