23+ ISO/IEC 27001:2005 Jobs in India

Apply to 23+ ISO/IEC 27001:2005 Jobs on CutShort.io. Find your next job, effortlessly. Browse ISO/IEC 27001:2005 Jobs and apply today!

B2B Product

Agency job
via Scaling Theory by Keerthana Prabkharan
Remote, Pune
14 - 20 yrs
₹25L - ₹50L / yr
GRC
EMC RSA Archer
ServiceNow
Implementation
ISO/IEC 27001:2005

What will you do?

Governance and Policy Development   

·         Develop, implement, and maintain governance policies, SOPs, and related documentation. 

·         Ensure all policies align with industry standards (e.g., FedRAMP, NIST SP 800-53, ISO 27001 family, and HIPAA). 

·         Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates. 

Risk Management   

·  Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps. 

·  Collaborate with cross-functional teams to design and implement remediation strategies. 

·  Maintain risk registers and monitor mitigation efforts. 

Compliance Oversight   

·  Support the organization in achieving and maintaining FedRAMP certification. 

·  Manage periodic audits, security assessments, and readiness activities for compliance frameworks. 

·  Track and report on compliance metrics, audit findings, and resolution status. 

Training and Awareness   

·  Develop and deliver training programs to enhance employee understanding of compliance policies and procedures. 

·  Act as a point of contact for compliance-related queries within the organization. 

Incident Response and Reporting   

·  Support incident response processes to ensure effective investigation and reporting of compliance-related incidents. 

·  Collaborate with stakeholders to implement corrective actions and prevent recurrence. 

Vendor and Third-Party Risk Management   

·  Assess third-party vendors for compliance with organizational policies and standards. 

·  Ensure contracts include appropriate compliance requirements. 

What do you bring to the table?

Education & Experience   

·  Overall 12-15 years of relevant experience

·  Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field (Master’s preferred). 

·  3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.  

Knowledge & Skills   

·  Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks. 

·  Experience in drafting policies, procedures, and SOPs. 

·  Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC). 

·  Excellent communication and documentation skills. 

·  Analytical mindset with attention to detail. 

Certifications (Preferred)   

·  Certified Information Systems Security Professional (CISSP) 

·  Certified Information Systems Auditor (CISA) 

·  Certified Information Security Manager (CISM) 

·  ISO 27001 Lead or Internal auditor

Snaphyr

Agency job
via SnapHyr by MUKESHKUMAR CHAUHAN
Delhi
8 - 15 yrs
₹20L - ₹60L / yr
Information security
Risk Management
Cyber Security
NIST
ISO/IEC 27001:2005

🚀 Hiring: Director – Head of Information Security


We are seeking a visionary leader to drive our global information security strategy and safeguard digital assets in a fast-growing blockchain & fintech environment. This is a senior leadership role with high visibility and impact.


🔑 Key Responsibilities

*Define & lead information security, risk & governance programs

*Oversee product & platform security, DevSecOps & SSDLC practices

*Build & mature threat, vulnerability & incident response functions

*Ensure compliance, audit readiness & executive stakeholder engagement


🎯 Requirements

*8+ years in security/risk/operations (2+ years in leadership)

*Proven executive stakeholder management

*Strong knowledge of frameworks (NIST, CIS, OWASP, MITRE)

*Certifications (CISSP, CISM, CCSP) a plus


📍 Hybrid role | Delhi

Gurugram
7 - 15 yrs
₹12L - ₹25L / yr
ISO 27001 LA
ISO/IEC 27001:2005
Information security
IT security
CISM

Job Title: Manager Information Security – IT

Job Purpose: Acting in a key technical management & execution capacity to provide a conduit between IT teams and key business stakeholders in your functional area of IT Security to ensure MSR information technology needs are managed consistently, following professional IT and global standards, and delivered with a high level of quality and customer satisfaction.

Reward level: Middle Management

Job Location: Gurgaon

Experience: 10+ years

Relevant Experience: 7+ years

Reporting to: General Manager

Qualification: Bachelor’s degree in IT

Key Deliverables:

·        Provide support as Lead auditor towards ISMS and PIMS policies, procedures, and guidelines and perform regular review and update.

·        Perform deep assessments to gather evidence of continuous compliance with ISO 27001:2022 and ISO 27701:2019, DPDPA, the IT Act and CERT-In regulations, including audit logs, records of reviews, and timely closure of open audits and risks, and share the report with management.

·        Conduct regular, documented information security and privacy risk assessments identifying assets, threats, vulnerabilities, likelihood, and impact with stakeholders.

·        Prioritize identified vulnerabilities, detailed findings, remediation recommendations, trending reports on vulnerability posture towards closure with stakeholders.

·        Development and implementation of a comprehensive, ongoing security awareness and training program for all employees.

·        Encourage secure behaviours among colleagues and reinforce the importance of information security and privacy in daily operations.

·        Prepare regular report on overall information security posture, GRC maturity, and risk landscape to relevant stakeholders

·        Ability to collect lessons learned from incidents, audits, and assessments to drive continuous improvement in ISMS/PIMS and security processes.

Key Relationships:

·        Internal IT and business customers in MSR.

·        Global IT Vendor, market and global (HQ) colleagues, Local vendor partners

·        Internal staff - direct reports (where applicable)

·        IT vendors, contractors (where applicable)

Knowledge Skills and Abilities:

                    

·        Must possess and demonstrate ISO 27001 Lead Implementer/Auditor and ISO 27701 Lead Implementer/Auditor certifications and knowledge.

·        In-depth understanding of the IT Act, DPDPA, CERT-In regulations, CIS Controls, as well as UK DPA and ISO 31000.

·        Good to have certification on CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) and Cloud Security certifications (e.g., CCSK, CCSP, vendor-specific like AWS Security Specialty)

·        Familiarity with common vulnerability scanning tools like Qualys (features, reporting, agent-based vs. network scans) and Cloud Security Posture Management (CSPM) tools like Wiz (cloud service provider configurations, misconfigurations, compliance checks in AWS, Azure, GCP).

·        Understanding of various penetration testing types (e.g., network, web application, API, mobile, cloud) and methodologies

·        Knowledge of common attack vectors and exploitation techniques, and of frameworks like MITRE ATT&CK and D3FEND.

·        Basic to intermediate knowledge of common security controls and technologies (e.g., firewalls, EDR, Cloud Security, VAPT tools, SIEM, WAF, DLP, encryption).

·        Understanding of network protocols, operating systems (Windows, Linux), and common application architectures.

·        Knowledge of audit principles and practices (internal and external audits).

·        Understanding of corrective action planning and non-conformity management.

·        Understanding of third-party risk management principles and vendor due diligence processes.

·        Excellent technical writing skills for creating clear, concise, and comprehensive security policies, standards, and procedures.

·        Ability to analyse complex risk data and present actionable insights.

·        Hands-on experience with Qualys for configuring scans, analysing reports, and managing vulnerabilities.

·        Hands-on experience with Wiz CSPM for monitoring cloud environments, identifying misconfigurations, and generating compliance reports.

·        Proficiency with GRC platforms or tools for managing policies, risks, and controls

·        Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders

·        Ability to build strong relationships and collaborate effectively with diverse teams (IT, Legal, HR, Development, Business Units).

·        Skills in influencing behaviour and driving change across the organization to improve security posture.

·        Strong analytical skills to diagnose security issues, identify root causes, and develop effective solutions.

·        Ability to critically evaluate security controls and identify gaps.

·        Contract review and negotiation skills specifically for security-related services.

·        Ability to effectively manage vendor relationships and performance.

·        Ability to develop and deliver engaging security training sessions and awareness campaigns.

·        Ability to stay updated with the latest security threats, vulnerabilities, technologies, and regulatory changes.

·        Capacity to quickly learn and adapt to new tools and methodologies.

·        Meticulous attention to detail in policy creation, audit documentation, and vulnerability analysis.

·        Ability to act calmly and effectively during security incidents and contribute to incident response efforts.


mail updated resume- etalenthire[at]gmail[dot]com

satish: 88O 27 49 743

NeoGenCode Technologies Pvt Ltd
Posted by Ritika Verma
Gurugram
5 - 7 yrs
₹10L - ₹17L / yr
Threat modeling
Penetration testing
WAF
ISO/IEC 27001:2005
Web application security

Skills Requirement:

1. Prior work experience in application security is mandatory.

2. Should have solid experience in penetration testing.

3. Candidates should be familiar with Azure WAF.

4. Candidates must have excellent verbal and written communication skills.

5. Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

6. Familiarity with a variety of development and testing tools.

7. Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques.

8. Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.

9. Experienced in tools like Snyk, Tenable WAS, Invicti, Burp Suite, Postman, Kali Linux.

10. Experience in conducting threat modelling using STRIDE, PASTA, etc.

EaseMyTrip.com

1 recruiter
Posted by Zainab Siddiqui
Noida
2 - 5 yrs
₹6L - ₹7L / yr
PCI DSS
ITGC
ISO/IEC 27001:2005
HIPPAL


Key Responsibilities:

Conduct internal audits for PCI DSS, ISO 27001/9001, SOC 2, GDPR, HIPAA

Plan & manage audit schedules

Evaluate systems, processes & controls

Prepare audit reports & maintain documentation

Collaborate with IT, Security, Legal & Ops on remediation

Provide compliance training & support

Liaise with external auditors & ensure audit readiness

Improve audit tools & stay updated on compliance changes



Skills & Qualifications:

Strong knowledge of PCI DSS, ISO standards, SOC 2

Familiar with audit tools, risk assessments & IT basics

2–5 years in audit/compliance roles

Experience with internal & external audits

Excellent analytical & communication skills

Preferred Certifications (Optional):

CISA | CISM | ISO 27001 Lead Auditor | CRISC

Why Join Us?

Supportive, collaborative environment

Growth opportunities & certifications

Work on high-impact compliance projects.

EaseMyTrip.com

1 recruiter
Posted by Sushmita Bisht
Noida
2 - 5 yrs
₹4L - ₹7L / yr
IT audit
Regulatory reporting
PCI DSS
ISO/IEC 27001:2005

Job Title: Audit Specialist

Location: Noida 63

Experience Required: 2-5 years

Employment Type: Full-Time


We are seeking a detail-oriented Audit Specialist to join our compliance team. The ideal candidate will have experience in auditing and ensuring compliance with PCI DSS, ISO 27001, ISO 9001, SOC 2, and other regulatory frameworks. You will conduct internal audits, manage compliance processes, and collaborate with teams to ensure alignment with regulations.


Key Responsibilities:

  • Conduct internal audits for PCI DSS, ISO 27001, ISO 9001, and other compliance frameworks.
  • Develop and implement audit plans and ensure regular assessments.
  • Identify compliance gaps, document findings, and recommend corrective actions.
  • Prepare detailed audit reports and track remediation progress.
  • Assist with external audits and liaise with regulatory bodies.
  • Provide training on compliance best practices.

Required Skills & Qualifications:

  • Strong knowledge of compliance standards (PCI DSS, ISO 27001, ISO 9001, SOC 2, etc.).
  • Experience in internal and external auditing, risk assessment, and compliance processes.
  • Strong analytical, problem-solving, and communication skills.
  • Preferred certifications: CISA, CISM, ISO 27001 Lead Auditor, CRISC (not mandatory).


Watsoo Express
Posted by Diptimayee Behera
Mumbai
10 - 30 yrs
₹25L - ₹40L / yr
DDOS
NIST
ISO/IEC 27001:2005
IDS
IPS

Network Security Engineer – 10+ Years of Experience

(Males & Immediate Joiners only)


Mandatory Skills:


- 10+ years of experience in network security with a strong focus on data center security, cloud security, and container security.

- In-depth knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), and other security tools like anti-virus and endpoint protection.

- Experience with cloud security solutions and securing cloud-native applications.

- Strong experience with vulnerability management, penetration testing, and disaster recovery planning.

- Advanced knowledge of network protocols, network security design, and defense against common attack vectors (e.g., DDoS, SQL injection, phishing).

- Familiarity with security frameworks such as NIST, ISO 27001, and other relevant security standards.

- Excellent analytical, problem-solving, and critical thinking skills, with a strong attention to detail.

- Strong communication and interpersonal skills, with the ability to train staff and consult with management on security matters.


We are looking for an experienced Network Security Engineer with 8+ years of experience in managing and securing network infrastructures, including data center and cloud security solutions, as well as container security. If you have a strong background in firewall solutions, vulnerability management, and a passion for securing modern IT environments, this role is for you!


---


 Role Purpose:

As a Network Security Engineer, you will be responsible for ensuring the security, integrity, and confidentiality of the organization's network and systems. You will focus on installing, administering, and troubleshooting network security solutions, working with a variety of security tools and platforms, including firewalls, cloud security, containers, and endpoint protection. 


---


 Key Responsibilities:


 Security Solutions Management:

- Install, configure, and administer network security solutions, including firewalls and cloud security tools.

- Update software and firmware for network security systems with the latest security patches, ensuring defenses are up-to-date.

- Configure and support security systems such as firewalls, anti-virus software, and intrusion detection/prevention systems.

- Implement container security solutions to secure applications and services in cloud environments.


 Vulnerability & Penetration Testing:

- Conduct vulnerability assessments and penetration testing to identify potential threats and vulnerabilities.

- Develop and implement disaster recovery plans to mitigate the impact of potential security breaches.

- Monitor network traffic for signs of suspicious activity, perform threat analysis, and recommend improvements to reduce risk.


 Security Policy & Access Control:

- Create and enforce network security policies, including access controls, authorization roles, and defenses against unauthorized access, modifications, and data destruction.

- Ensure network resources are properly configured to defend against unauthorized or malicious activities.

- Provide expert advice and support to staff, managers, and executives on security best practices.


 Security Monitoring & Incident Response:

- Actively monitor network and application traffic for suspicious behavior and respond to potential security incidents.

- Identify, analyze, and respond to security breaches, providing clear documentation and resolution strategies.

- Ensure the effectiveness of security controls and defenses by reviewing security alerts and incidents.


 Training & Consultation:

- Train staff and end-users on security protocols and best practices to raise awareness and reduce human error.

- Provide technical consultations and guidance on improving security measures across all departments.

- Offer continuous education on new threats and security solutions to enhance overall organizational security posture.


Cognisive Consulting Inc
Posted by Baba Kishore Kumar Nagabathula
Hyderabad, Coimbatore
5 - 10 yrs
₹5L - ₹15L / yr
OKTA
SAML
ISO/IEC 27001:2005
NIST
CSF

IAM - Security Engineer


About the Role:


We are seeking an Identity and Access Management (IAM) Security Engineer with Business Analyst exposure to join our team. In this role, you will combine your technical expertise in IAM security with business analysis skills to strengthen our security landscape and enhance alignment between technology solutions and business objectives. You'll work on designing, implementing, and managing security controls while collaborating across business and technology teams to deliver value-driven solutions.

 

Key Responsibilities:

  • Stay updated on IAM security best practices and integrate approved patterns into development operations and continuous delivery/improvement processes.
  • Design and implement security controls to protect systems while ensuring alignment with business objectives and requirements.
  • Manage existing IAM and Data Protection platforms and build new capabilities to support internal and external customer needs.
  • Develop automated security solutions tailored to business requirements, ensuring scalability and efficiency.
  • Collaborate with operations teams to ensure seamless handoff, proper documentation, and full acceptance of work.
  • Design and consult on enterprise security control architectures to meet both technical and business goals.
  • Partner with business and technology teams to maintain and improve the security technology stack, including identity solutions, cloud capabilities, and audit tools.
  • Conduct detailed business analysis to understand stakeholder needs and translate them into technical security requirements.
  • Act as a liaison between business units and technology teams to ensure security solutions meet organizational goals.

Minimum Qualifications:

Experience:

  • Minimum 5+ years of experience in IT Security or security engineering roles, with a focus on IAM practices (e.g., Active Directory, Azure Entra, AWS IAM).
  • Hands-on experience in Cloud Security environments.
  • Expertise in developing and implementing security standards, specifications, and procedures.
  • Experience with security frameworks such as ISO27001 and NIST CSF.
  • Knowledge of regulatory requirements (e.g., SOX, PCI-DSS).
  • Proven ability to provide technical security guidance to diverse audiences.
  • Experience in business analysis, including requirements gathering, stakeholder management, and process improvement.
  • Strong analytical and problem-solving skills to bridge the gap between business needs and technical solutions.

Other Requirements:

  • Excellent communication and interpersonal skills to effectively collaborate across business and technical teams.
  • Flexibility to work in rotational shifts.
  • Proficiency in documentation and reporting tools to communicate security findings and solutions effectively.

top MNC

Agency job
via Vy Systems by thirega thanasekaran
Gurugram
6 - 12 yrs
₹6L - ₹20L / yr
Cyber Security
ISO/IEC 27001:2005
GRC
ITGC

Position: Deputy Manager / Assistant Manager & Below

Location: Gurgaon (Onsite)

Employment Type: Full-Time Employee (FTE)

Function: TMT-CST-EE – Cybersecurity Strategy & Third-Party Risk

 

Minimum Qualification & Requirements:

  • BE / BTech (Engineering or equivalent field)
  • 6–10 years of relevant experience in one or more of the following:
      • SOC Reporting
      • Third-Party Risk Management (TPRM)
      • ITDR / ITGC
      • Cloud Security
      • Governance, Risk & Compliance (GRC)
  • Prior experience with a Big 4 or similar consulting firm is highly desirable
  • Strong verbal and written communication skills


Share CV to


Thirega@ vysystems dot com - WhatsApp - 91Five0033Five2Three

CyberNX Technologies
Bengaluru (Bangalore)
4 - 8 yrs
₹9L - ₹15L / yr
isms
ISO/IEC 27001:2005

Information Security Manager shall be primarily responsible to:

  • Run and manage the BAU security infosec operations
  • Create and maintain ISMS Policy and Process documents
  • Ensure Infosec compliance with RBI and other regulatory agencies
  • Participate in IT / Infosec Audits and ensure closure of observations within given timelines
  • Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations
  • Identify and evaluate new IT security technologies and services and implement them
  • Ensure cyber security related policies and technologies are in place
  • Conduct regular Infosec Awareness within users in the organization
  • The person needs to work closely with the CISO and other stakeholders – Risk, IT and Audit teams.


Key Accountability:

  • Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security
  • Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level
  • Identify potential security weaknesses through vulnerability assessments and track them to closure within the timelines
  • Tracking and reporting key risk indicators defined for IT processes
  • Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements
  • Create / Review ISMS policy and process
  • Implement Strategic IT Infosec projects to strengthen the overall IT Security posture

 

Emids Technologies

2 candid answers
Posted by Darshan K
Bengaluru (Bangalore)
7 - 14 yrs
Best in industry
Information security
Implementation
Risk Management
Cyber Security
ISO 27001:2013

Experience:- Overall 10 to 12 years of experience, of which at least 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information Security, with one full end-to-end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

  1. Mandatory - ISO 27001:2013 Lead Implementer certified
  2. Mandatory - ISO 27001:2013 Lead Auditor certified (but if it is a good candidate, we can still consider)
  3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
  4. Mandatory - At least one end-to-end implementation experience of the ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
  5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
  6. Good documentation skills.
  7. Develop, implement, maintain, review and continually improve Information Security policies.
  8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
  9. Manage and maintain a risk register / risk database along with risk treatment plans.
  10. Good understanding of physical and environmental security.
  11. Conduct Internal Audits based on ISO 27001 standards and Personal Data Protection policies. Good experience in independently conducting internal and supplier audits with respect to information security.
  12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
  13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
  14. Mandatory: Good verbal and written communication skills. Eye for details.
  15. Good presentation skills.
  16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
Emids Technologies

2 candid answers
Posted by Kiranmai Badisetty
Bengaluru (Bangalore)
7 - 10 yrs
₹5L - ₹10L / yr
ISO/IEC 27001:2005
ISO/IEC 27000-series
CISA
CISM
Risk Management

Experience:- Overall 10 to 12 years of experience, of which at least 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information Security, with one full end-to-end implementation experience.

Base location: - Bengaluru - Must

Joining requirement: - Not later than second week of June 2023.


Requirements: -

  1. Mandatory - ISO 27001:2013 Lead Implementer certified
  2. Mandatory - ISO 27001:2013 Lead Auditor certified (but if it is a good candidate, we can still consider)
  3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
  4. Mandatory - At least one end-to-end implementation experience of the ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
  5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
  6. Good documentation skills.
  7. Develop, implement, maintain, review and continually improve Information Security policies.
  8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
  9. Manage and maintain a risk register / risk database along with risk treatment plans.
  10. Good understanding of physical and environmental security.
  11. Conduct Internal Audits based on ISO 27001 standards and Personal Data Protection policies. Good experience in independently conducting internal and supplier audits with respect to information security.
  12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
  13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
  14. Mandatory: Good verbal and written communication skills. Eye for details.
  15. Good presentation skills.
  16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

Bengaluru (Bangalore)
4 - 10 yrs
₹11L - ₹20L / yr
IT security audit
ISO/IEC 27001:2005
ISMS implementation

1) Determine client needs and expectations and participate in the development of the overall client service plan. Analyse, develop, and implement information security programs, including organizational design and key processes for our clients as per plans.

2) Design and develop cyber security strategies and programs for large and complex organizations.

3) Define and implement cyber risk management structures, governance models, organizational transformations in the areas of cyber security.

4) Develop security policies, processes, procedures. Map controls and compliance requirements. Responsible for risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy development.

5) Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance.

6) Develop and tailor approaches, methods and tools to support clients' cyber risk programs and initiatives.

7) Provide strategic and operational advice in the areas of safeguarding critical information. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations.

8) Evaluate, implement and operationalize security controls, define metrics to measure performance, establish a framework for continuous monitoring and improvement, and play a substantive role in internal and external client relationships and communication.

9) Interact with CxOs to define the roadmap for GRC strategy.

10) Help build the Cyber Transformation practice by getting involved in areas beyond engagement delivery such as pre-sales, RFP response, solution designing, competency development and go-to-market strategies.

11) Create or help create thought leadership content in the emerging areas of Cyber Strategy and Risk Transformation.


Immediate Joiners

Rezo.AI
Posted by Aishwarya Srivastava
Noida
6 - 10 yrs
₹5L - ₹15L / yr
IT security
Data security
ISO 27001
ISO/IEC 27001:2005
Firewall

About Us 

Rezo.ai is an AI-Powered Contact Centre that enables enterprises to enhance customer experience and boost revenue by automating and analyzing customer agent interactions across multiple channels including voice, email, chat/WhatsApp, and social, at the required scale, whilst training agents with minimal costs 


How do we do it 

Rezo’s AI-Powered contact center leverages ground-breaking technologies in AI, ML, ASR, NLP, RPA, and predictive intelligence to transform customer experience and reduce costs by automating, analyzing social media, whilst coaching them.


Overview

Providing leadership in the information security space, helping ensure ISO and GDPR certification, and establishing, maintaining, and enforcing our security policies. Working closely with our business and technology teams to ensure awareness and adherence to the policies and procedures established.

To ensure that the security solutions being designed and delivered are aligned with the enterprise security architecture, supporting the transition of the security architecture from its current to its planned future state.

To lead and provide strategic oversight to ensure and assure the beneficial and cost-effective security change across key accounts, through the evaluation of business strategies and requirements providing advice, guidance and assurance.


Role & Responsibility

  • Provide security advice and guidance to business and delivery teams ensuring solutions are consistent with the enterprise security roadmap whilst balancing business values and security risk.
  • Recommend changes to IT systems to bring them into compliance with security policy, standards, blueprints and roadmaps.
  • Influence stakeholders to adopt architecturally sound approaches to the management of risk.
  • Advise on the translation of business requirements into secure IT solutions and migration roadmaps.
  • Preparation and documentation of standard security operating procedures and protocols
  • Recommend technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Advise on alternate solutions and countermeasures to mitigate identified information risks.
  • Provide assurance that identified solutions or countermeasures mitigate identified information risks.
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
  • Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
  • Keeps users and businesses informed by preparing performance reports; communicating system status, and owning security incidents when they arise.

 

Technical Skills Required

  • Proven experience in the design, implementation and operation of scaled IT security services and capabilities, ideally within a large government organization or complex large-scale multi-supplier organization.
  • Strong technical aptitude and exposure to ISO 27001 or similar-based security policies and standards.
  • Excellent communication skills, with the ability to articulate complex technical issues into business-focused terms and communicate with Stakeholders.
  • Knowledge of GDPR, its business implications and the merits of various technical approaches
  • Expertise in IT security risk in a business context
  • Exposure to web application security and penetration testing.
  • Exposure to securing the software development life cycle and to project management disciplines.
  • Excellent organizational and technical documentation skills.
  • Strong understanding of Information Security including threats, attacks, and vulnerability management.
  • Deep understanding of secure development practices, with practical experience of cyber security, privacy protection, cloud security, identity management, situations awareness, protective monitoring, security operations, risk management and reporting.
Rapidly growing fintech SaaS firm that propels business grow

Agency job
via Jobdost by Mamatha A
Bangalore
5 - 10 yrs
₹15L - ₹30L / yr
Information security
ISO/IEC 27001:2005
HIPAA
Systems Development Life Cycle (SDLC)
Physical security
+7 more

What are we looking for?

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

Key Responsibilities & expectations from the candidate 

  • Must have strong experience in Information Security Management System (ISMS), creation of policy, procedures and implementation.
  • Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
  • Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
  • Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
  • Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
  • Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
  • Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc.
  • Ability to deal with the customers and vendors on Security and privacy matters.
  • Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

Personal Attributes

  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues
  • Ability to present ideas in business-friendly and user-friendly language.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Highly self-motivated and hardworking.

Qualification and certification 

  • Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
  • Should be at least ISO 27001 lead auditor or lead implementer. 
  • 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

What can you look for?

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being here.

We are

It is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Company offers a suite of three products - Plum, Empuls, and Compass. Company works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Company is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

Way forward

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

 
Rapidly growing fintech SaaS firm that propels business grow

Agency job
via Jobdost by Mamatha A
Bengaluru (Bangalore)
3 - 6 yrs
₹20L - ₹30L / yr
Information security
ISO/IEC 27001:2005
Incident management
Systems Development Life Cycle (SDLC)
Access Management
+1 more

What are we looking for?

An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.

Key Responsibilities & expectations from the candidate 

  • Must have strong experience in Information Security Management System (ISMS), creation of policy, procedures and implementation.
  • Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
  • Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
  • Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
  • Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
  • Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
  • Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc.
  • Ability to deal with the customers and vendors on Security and privacy matters.
  • Knowledge of Core IT processes, SDLC, network infrastructure will be useful.

Personal Attributes

  • Good written, oral, and interpersonal communication skills.
  • Ability to conduct research into IT security issues
  • Ability to present ideas in business-friendly and user-friendly language.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Highly self-motivated and hardworking.

Qualification and certification 

  • Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
  • Should be at least ISO 27001 lead auditor or lead implementer. 
  • 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.

What can you look for?

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.

We are

Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.

Way forward

We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.

Net connect
Bengaluru (Bangalore), Pune, Mumbai, Delhi
3 - 8 yrs
₹5L - ₹15L / yr
Cyber Security
IT security
Risk assessment
Information security
ISO/IEC 27001:2005
+2 more

Qualifications & Responsibilities

 

Year of Experience: 3 - 8 yrs

Location: Bangalore, Delhi, Mumbai, Pune

 

  • Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.
  • Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.
  • Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements
  • Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk
  • Conduct Information Systems audits covering IT infrastructure assets
  • Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection
  • Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.
  • Possesses certifications such as ISO27001 LA. CISSP, CISA certification - preferred

 

Why NCG?

 

WHO WE ARE DRIVES WHAT WE DO!

 

We don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

 

Are you a Doer or Achiever?

 

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

 

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

A leading IT company

Agency job
via Sanguine Global by khyati pareek
Bengaluru (Bangalore)
2 - 5 yrs
₹6L - ₹12L / yr
Information security
ISO/IEC 27001:2005
HIPAA

The Role

We are looking for an Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST, etc. and ensure highest levels of security around sensitive data.

  • Identifying new risks and performing risk assessments.
  • Performing continuous gap analysis.
  • Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
  • Providing advice and implementing forward-thinking information security policies, procedures, and standards.
  • Assisting several teams (internal and external) with best practices and security consultations.
  • Supporting with other information security activities as assigned.
  • Ensuring the organizational compliance during audits and certification efforts.

Requirements:

  • Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
  • Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
  • Experience in InfoSec policy creation and documentation.
  • Ability to understand technology and pertaining risks.
  • Knowledge on IT, Servers, SDLC, Database, etc.
  • Experience working with / securing cloud-based applications is an add-on.
  • 2+ years of experience.
  • Excellent written and verbal communication skills.
  • Relevant Security Certifications will be a good add-on.
Synapsica Technologies Pvt Ltd
Posted by Human Resources
Bengaluru (Bangalore)
3 - 5 yrs
₹4L - ₹12L / yr
Regulatory affairs
data privacy
ISO/IEC 27001:2005
ISO 27001
soc2
+4 more

Job Title: QA Associate 

 

Job Description:

  1. Responsible for Implementing, controlling and monitoring quality management system documentation (ISO 27001) and data privacy (SOC2).
  2. Coordinate improvement in the system through output from audit and management review, and be responsible for closing NCs during audits.
  3. Knowledge of SAMD (Software as Medical Device) SaaS product, processes and procedures.

 

3-5 years of relevant experience in Medical Devices Industry.

 

 

Area of Expertise:

  • To generate, implement and maintain internal quality procedures and systems to comply with ISO 27001, SOC2 standards
  • Maintaining and updating various documents like internal docs log, external log, Obsolete docs log, DCN, ECN, CAPA, SQA/IQA log, product complaint, equipment log
  • Maintaining Engineering documents like part specs, Bill of materials, Drawings, Design review documents etc
  • Co-ordinate and conduct periodic internal audits of various functional groups of an organization and drive compliance to QMS.
  • Manage all documentation related to internal and external audit.
  • Manage all the documents related to supplier qualification and coordinate Supplier’s audit and maintain the supplier file.
  • Experience in Handling of CAPA (Corrective & Preventive Actions) & Product Complaints
  • Co-ordination of Management Review Meetings & its action items implementation

 

Experience Required:

  • 3-5 years of relevant experience in Medical Devices Industry.
  • Educational Qualification – Diploma/Engineering graduate, preferably Computer Science or related.
  • Ability to read and understand standard requirements independently.
  • Good teamwork, communication and interpersonal skills. A demonstrated commitment to company values
  • Good understanding of design control, and post marketing processes
  • Knowledge of FDA / EU / Indian & other national regulations is an added advantage.
  • Working knowledge of an e-QMS is an added advantage.
netmedscom
Posted by Vijay Hemnath
Chennai
5 - 10 yrs
₹10L - ₹30L / yr
Information security
IT security
WAF
Docker
Ethical Hacking
+16 more

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

 

Roles & Responsibilities:

  • Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
  • Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
  • Managing penetration tests and security reviews for core applications and APIs.
  • Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
  • Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
  • Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
  • Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
  • Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
  • Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
  • Investigate privacy breaches.
  • Educate employees on data privacy & security.
  • Prioritize security requirements based on their severity of impact and product roadmap.
  • Maintain a balance of security and business values across the organisation.

 Required Skills:

  • Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
  • Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.
  • Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.
  • Experience in Log Management, Security Event Correlation, SIEM.
  • Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

 

Good to Have Skills:

  • Online Fraud Prevention.
  • Bug Bounty experience.
  • Security Operations Center (SOC) management.
  • Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
  • Experience / Knowledge on tools like Fortify and Nessus.
  • Experience in handling logging tools on docker container images (ex. Fluentd).
Open Financial Technologies
Bengaluru (Bangalore)
4 - 8 yrs
₹12L - ₹18L / yr
Information security
ISO/IEC 27001:2005
PCI DSS
ISO 27001
CISO

What you’ll be doing:
  • Establish, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Provide leadership to the enterprise's information security organization
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Conduct regular internal audits in compliance with applicable legal and contractual requirements, ISO 27001 and PCI DSS requirements and the company's internal requirements
  • Conduct regular Management reviews and update the management on information security aspects. The MRMs shall also focus on drawing management's attention to the key areas for required management actions.
  • CISO is also responsible for ensuring that customer audits as well as re-certification and surveillance audits are successful.
  • Coordinate with relevant stakeholders to address the NC closures.
  • CISO shall ensure that information incidents are responded to and resolved on time to ensure compliance with legal and contractual requirements.

What you’ll bring along:

  • Degree in business administration or a technology-related field required.
  • Professional security management certification
  • Minimum of 5 years of experience in a combination of risk management, information security and IT jobs
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and PCI DSS.
  • Excellent written and verbal communication skills and high level of personal integrity
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Experience with contract and vendor negotiations and management including managed services.
  • Specific experience in Agile (scaled) software development or other best in class development practices.
  • Experience with Cloud computing/Elastic computing across virtualized environments.
Domestic Deployment - Raipur SDC

Agency job
via FlexAbility by srikanth voona
Raipur
7 - 12 yrs
₹4L - ₹12L / yr
SLA
ISO/IEC 27001:2005
ISO/IEC 20000
Project Management
Main Priorities: Responsible for overall management of the data centre, user SLA commitments, performance, availability, response time and problem resolution. Should be responsible for effective resource management and system & resource planning, based on business forecast. Should be the single point of contact (SPOC) for managerial responsibilities and the direct interface with the Client/State. Data Centre Manager should have capabilities in team management, capacity planning and process documentation. Should have exposure to ISO 20000 and ISO 27001 processes. Should be ITIL or ITSM certified. Should have a proven track record of managing operational IT support teams including establishment of RMC / processes, Technology & Staffing.
UK based out company

Agency job
via Theexceptionals by Poonam Kumari
Mumbai
3 - 7 yrs
₹6L - ₹8L / yr
ISO/IEC 27001:2005
ISO/IEC 27000-series
ISAE 3402
ISMS

B. Aims & Goals:

You are required to work with all departments at Pelican to implement, enhance and improve ISMS, GDPR and ISAE 3402 processes. You will also be closely working with external auditor as well as top management for status and reporting.

 

C. Key Responsibilities:

Your primary responsibilities include:

  • Assist in audit planning, including the identification of processes for audit review.
  • Execute internal audit assignments for all locations in India, US, UK and NL. Review the effectiveness of the controls.
  • Identify and document audit issues and opportunities for improvement.
  • Prepare the audit report for internal audit assignments and discuss audit findings with senior management.
  • Monitor and maintain the CAPA program. Assist with follow up corrective actions and oversee timely completion.
  • Facilitate independent audit engagements on behalf of the company.
  • Assist to develop and implement process improvements and best practices across the business unit. Review policies and procedures for all areas of the business.
  • Develop new policies and procedures as directed or required, to improve and to collect and analyse data for review with internal stakeholders.
  • Take responsibility for the management and execution of internal audit assignments, production of audit reports and management of follow up actions
  • Involved with working across all areas of the business to ensure that processes are documented and compliant to the company’s requirements.

 

D. Experience level & Qualification:

a. Experience Level: 4 to 5 yrs

b. Educational background: B.E / B.Sc / B.com / Bachelor’s Degree. Holds ISO 27001:2013 Certification

E. Essential Skills: Should have participated in ISMS (ISO 27001:2013) implementation and certification process.
