Concentrix - Security Governance & Compliance Role

Role Description :

- Experience in actively contributing in establishment and Management of a Risk Management program for Third Parties or Supply Chain to detect and mitigate risks which would include establishing capability to monitor, manage and audit risks and associated actions, establish training & awareness, driving reviews and supporting internal and external audits.

- The candidate should have experience or knowledge of SSAE18, SOC2, HITRUST, PCI DSS Industry Standards.

- IT & Cyber Security technical knowledge (Intermediate level) is needed.

- Ability to think out-of-the-box and maintain balance of security risk Vs solution within the best technical and cost opportunity limits, to meet the company standard, regulatory and the contractual obligations.

- Ability to work in a team and develop strong relationship bond with the Business and Cross-Platform teams while always wearing a "ready on the toes" attitude to support the organization at his best efforts.

- Ability to achieve positive & successful results for Information Security Risk Management activity, apprising the leadership about the specific risks from their vertical, through direct interaction and tactical influence over stakeholders

Responsibilities :

- Drive Information Security Risk Management activity globally for all the third parties or Suppliers of Concentrix

- Maintain and Improve the risk management frameworks at Concentrix

- Work with business teams and support teams to drive Risk Assessments for their respective Suppliers spans

- Deliver training to teams on Risk Management

- Interpret the business contractual requirements (Technology & Information Security) to align Risk Management program

- Develop the documents as required or guiding the team responsible in development of the required documentation

- Support and manage Internal and External risks

- Handle and respond to client audits, reviews and assessments through time-bound and committed methodology

- Communicate effectively the risks, vulnerabilities, threats and findings of the assessments and reviews to senior management and relevant stakeholders and co-ordinate and govern the closure, as required

Experience :

- Experience of Risk Management for security, privacy and Compliance aspects

- Intermediate level technical knowledge of IT Security and Cyber Security for Networks, Applications, Servers, Security Tools

- A solid understanding of Risk Management Program and IT security technologies including network and application security, firewalls, access management, and data protection

- Understanding of risks, threats & vulnerabilities with a keen interest of co-relating them and strategizing remediation and mitigation through unique creative approach

- Experience and knowledge of ITES industry

- Knowledge of Data Privacy and Protection principles and its' application

- Should have good hands-on experience of controls testing like SOC1, SOC2, HITRUST, Supplier Risk Management, etc.

- Working knowledge of Security frameworks and regulations such as NIST, ISO, HITRUST CSF, HIPAA, HITECH, etc.

- Excellent communication skills, both written and verbal

- Good presentations skills and MS Excel

- Detail oriented with excellent analytical and critical thinking capability

- Bonus points for Professional Security and / or Privacy credentials / certifications like CISSP, CISA, CRISC, CISM, HCISPP, CIPP/IT, etc.

- Willingness to travel (both Domestic and International)

Max Salary: 16 LPA