Information Security yst - Compliance
Posted on :
06-09-2024
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Description:
You will play a crucial role in INCREFF s growth journey by making our cloudbased Infrastructure Architecture more secure and compliant.
Responsibilities:
*You should be a security subject matter expert coordinating with other Information Security Product security and Engineering SMEs as needed to respond to security and compliance portions of customer RFPs in an accurate and timely fashion (i.e. within agreed upon internal SLAs) and any internal security requests.
*You should have knowledge of OWASP top 10/mobile PRD Review Threat Modelling Read Teaming Source Code review Devsecops Cloud Security Fraud and Business logic related issues Data Security.
*You should assess technical security risks in terms of impact on systems and service confidentiality integrity and availability and report and escalate results of risk assessments.
*You should support the finalization of security and compliance language in customer contracts
*You should define and update information security criterias and validation procedures.
*You should drive the endtoend policy and standards management function including the management of exceptions to policy.
*Responsible to drive the maturity of the external facing web pages that disseminates security and compliance related announcements and thought leadership to new customers and prospects.
*Responsible to drive the definition development review and ongoing maintenance of information security policies and standards in alignment with industry leading frameworks (e.g. ISO 27001GDPRSOC2).
*Support security and compliance related customer audits and internal audits as requested.
Requirements:
*3 years of related work experience in Information Security Governance Customer Trust and/or Supplier Security in the tech industry.
*Excellent communication skills to proactively communicate with stakeholders to keep them up to speed on any issues.
*Understanding of information security frameworks and compliance requirements such as ISO 27001/2 (including ISO 27017 & 18) SOC 2 Trust Services Criteria GDPR.
*Has advanced knowledge of common security risks vulnerabilities and threats and can escort these issues through triage / risk treatment conversations.
*Have driven several security and/or operational Information security processes within a company.
*Experience reviewing and negotiating contracts as it relates to security and compliance obligations
*Experience with SOC 2 evidence gathering ISO implementation GDPR compliance
Professional certifications in Information Security or Risk Management (e.g. CISA CISM CRISC CGEIT CSXP CISSP CCSK) is a plus.
*Experience working in CloudSaaSPaaSIaaS Data protection solutions Infrastructure and Business Applications architectures
*Experience with vulnerability management and helping prioritize security related work.
*Working knowledge of Windows or Linux systems related threats & incidents DNS Load Balancing SSL TCP/IP networking IDS and IPS rest APis
*Experience with InfoSec compliance / cyber security in a fast paced high growth software product company.
*Ability to collaborate with other teams to solve complex cloud security problems.
*Experience in a high growth business environment is a plus.
*Bachelor s degree in Security Computer Science Management Information Systems or related field preferred.
*Experience with vulnerability management and helping prioritize security related work.
compliance,security,iso,gdpr,soc
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
