compliance manager in bengaluru / bangalore

posted
contact
randstad india
position type
permanent
apply now

posted
location
bengaluru / bangalore
function
ITeS & BPO
position type
permanent
experience
10-12
reference number
62565
contact
randstad india

job description

compliance manager in bengaluru / bangalore

Field

Description

Position

Risk and Compliance (Managerial position)

Location

Bangalore

Reporting to

Senior Director- Risk and Compliance

 

 

 

 

 

 

 

Responsibility Areas

 

Role Description Overview:

This person will be responsible for the all activities required for managing, monitoring and maintenance of ISO 27001, ISO9001, HITRUST, HIPAA, SOC1 and SOC2 Type-2 Certification and audit process across the organization.

 

Key Responsibility Areas:

 

  • Identify and evaluate risks; understand business context and prepare reports and recommendations
  • Perform annual Risk assessments and conduct related ongoing organisational compliance monitoring activities
  • Identifying cloud-related risks and related business impact
  • Identifying risk mitigation approaches (actions, phases, manual efforts, etc.)
  • Communicating risks in business terms for prioritization
  • Work with all functional business areas to develop and maintain a corporate wide BCP program that addresses business recovery and emergency response management
  • Define, establish and implement organizational information security processes, to ensure business, regulatory, legislative and contractual requirements and obligations are met.
  • Implement internal and external ISMS audit processes, audit plan, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization.
  • Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001,9001, SOC1, SOC2, HIPAA ,HITRUST and other regulatory security audits.
  • Coordinate external security audits, assessments and testing as well as remediation plans development and implementation.
  • Identify, assess and monitor information security risks and recommend mitigation measures.
  • Develop content, coordinate and facilitate a comprehensive organizational information security awareness training program.
  • Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts.
  • Develop, coordinate and maintain information security policies, procedures and other security related documents.
  • Analyze, map and communicate information security requirements, that derive from legislative and regulatory obligations in various jurisdictions.
  • Partner with Legal team to ensure compliance with regulatory security requirements.
  • Continually improve and update knowledge to accommodate changes to the company's regulatory environment and needs.
  • Excellent written, verbal communication and presentation skills

 

Formal Education/ Certification

  • Bachelors Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience.
  • Certifications: ISO27001 & ISO9001 Lead auditor, CISA /CISM/CISSP and/or product related certification
  • HITRUST Certified CSF Practitioner (CCSFP) will have higher weightage

 

Work Experience

  • Total 10-12 years of Experience
  • At least 8 years of experience in GRC domain
  • At least 3 years previous experience in managerial roles.

 

 

 

 

 

 

Desired Profile

  • Extensive Information security governance, risk management and compliance leadership experience in a large complex business organization.
  • Experience developing policies and standards.
  • Experience identifying, evaluating and managing risk in a complex and changing global environment.
  • Experience in risk management processes and associated reporting models.
  • Experience in third-party risk management frameworks and processes.
  • Experience discerning and designing an organizations protection needs (i.e. security controls) for information systems and networks.
  • Experience with the interpretation of regulatory requirements and guidance with support from Legal.
  • Experience developing impactful cyber security awareness materials and campaigns at a global level.
  • Experience working on a US Healthcare is preferred.
  • Experience in effectively communicating business risks related to cyber security threats.

 

 

 

Skills Required

 

  • Excellent communication skills
  • Good analytical Skills.
  • Presentation skills
  • Good knowledge of MS Excel & Power point.
  • Strong English language skills; excellent writing, presentation, interpersonal, and communication skills are required
  • Flexibility on assigned work – some work may be outside of scope listed in job function
  • Capable of working collaboratively across multiple departments
  • Desire to participate in initiatives that positively impact the teams around you
  • Strong judgment and analytical ability
  • Ability to communicate and gain support for initiatives
  • • Ability to understand and integrate cultural differences and motives and to lead cross cultural teams.

 

 

skills

compliance, Risk, GRC, HITRUST, HIPPA, Governance

qualification

B.E/B.Tech