23/09 Pratik
Talent Acquisition at Talent Aura


Manager - Information Security & Compliance - Healthcare/IT (8-20 yrs)

Pune Job Code: 982570

A leading US healthcare AI-driven product engineering and consulting organization is hiring for its offshore Pune location.

Job Title: Manager / Senior Manager - Information Security and Compliance

Role Expectations in Short:

- Ensuring information security protocols are followed in products and projects as per client norms.

- Onshore team responsibilities: network and cloud computing protocols

- Renewal of certification: SOC2 and HIPAA (healthcare)

- Following compliances: product

- Client questionnaires: replying, keeping everything in place, meeting clients' compliance requirements

- Should participate in client meetings and address client doubts

- SOC2, HIPAA compliance, HITRUST certification

- Security and compliance issues related to product and process improvement

- The client in healthcare is a health data analytics company with product offerings to healthcare payers and providers in the United States of America. Its clients range from Fortune 50 companies to government entities.

- The company has strong VC backing, an excellent management team from the best business schools, and brilliant data engineers from top engineering colleges of the world.

Job location: Pune (temporarily remote working)

Position Summary:

The Information Security and Compliance Manager is responsible for providing leadership on cyber security and driving the IT compliance efforts, including audits.

It is a hands-on position that involves performing, supporting, reporting, and documenting the effectiveness of the programs.

Responsibilities:

- Evangelize and role-model a Security FIRST mindset with a deeper understanding of our domain

- Develop innovative security and compliance platforms for continuous assessment of threats, vulnerabilities, risk, and regulatory and compliance posture across our products/applications and cloud infrastructure

- Lead cyber security engagements, which involve vulnerability assessments and penetration testing, application security testing, configuration review of workstations, servers and network devices, infrastructure and network architecture review, business continuity and disaster recovery review, cyber maturity assessments, and cyber framework design and review.

- Lead IT internal audits, IT attestation and assurance, which includes client-specific as well as generic reports for performing diagnostic review, and Type 1 and Type 2 examinations of SOC1 and SOC2 engagements.

- Embed threat modeling, solutions architecture, secure code review into product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations.

- Collaborate with engineering and product management teams to solve security and compliance issues with minimal disruption to other business units

- Lead compliance-related activities by planning, driving, and implementing controls and procedures with respect to compliance.

- Interact with Industry experts, vendors, partners, internal staff, and auditors

- Periodic Risk Assessment and mitigation plan including management updates

- Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed.

- Analyzing existing Org data for continuous product and process improvement

- Operating with scale amid the business and tech growth of the company

Requirements:

- Engineering Graduate in Computer Science, Information Systems, or related field

- 8 to 12 years of IS experience with InfoSec leadership experience

- Thorough knowledge of strategy, security, governance, risk management, and compliance concepts

- Ability to lead and change the culture to Security First in every step across the organization

- Working knowledge of compliance frameworks (CIS, NIST, OWASP, PCI)

- Experience applying various OWASP Projects such as Top 10, ASVS, Proactive Controls, SCP, etc. to improve application security posture

- Security & Privacy by design code reviews

- Experience building DevSecOps, ensuring code is secure and trusted before releasing to production

- Experience with SIEM, IPS, IDS, and WAF technologies

- CISSP, CISM, GIAC Certification and/or expertise

- Security and perimeter modelling

- Platform & Cloud Security

- Understanding of various Security technologies

- Proven experience of regularly staying updated on all relevant vulnerabilities and security bulletins for our key technologies and providing advice on patch and upgrade requirements

- Demonstrated ability to create and successfully execute a strategic security and compliance roadmap

- Experience securing various cloud architectures and deployment strategies such as Software-as-a-Service, Infrastructure-as-a-Service (AWS), Platform-as-a-Service, etc.

- Knowledge and understanding of relevant legal and regulatory requirements including PCI-DSS, SOC, HIPAA, GDPR

- Work with 3rd party vendors and provide Product requirements for Security/GRC compliance

- Thorough documentation abilities and process adherence culture

- Practical experience in leading internal and external compliance audits

- Excellent written and verbal communication skills

This job opening was posted a long time back. It may not be active, nor was it removed by the recruiter. Please use your discretion.

Women-friendly workplace:

Maternity and Paternity Benefits
