Roles & Responsibilities
- Support security compliance audits such as SOC 2, ISO 27001 and HITRUST.
- Conduct readiness assessments, coordinate with stakeholders, and document and implement controls for recurring external audits.
- Perform security and technology risk assessments and, under guidance, recommend risk mitigation and remediation strategies.
- Work with the business and other stakeholders to create and roll out security policies, processes and controls that manage technology risk and ensure effective risk governance.
- Perform routine internal audits and follow up on action items for effective compliance management.
- Regularly review and update current security policies and keep them aligned with the control infrastructure.
- Support, participate in and monitor BCP/DR plans and drills under guidance.
- Manage security projects and tools, either with the team or independently.
- Assist in mapping controls across compliance frameworks, certifications, etc.
- Support vendor security assessments under guidance, e.g. initial kick-off, follow-up, remediation plans and their follow-up.
Requirements
- 7 years of relevant experience, or a previous security technology role with a few years in risk, compliance and audit activities.
- Excellent implementation knowledge of security audits such as SOC 2 and ISO 27001, including their expectations and requirements.
- Experience working with external auditors, both as auditor and as auditee.
- Good conceptual and analytical skills in implementing security controls to protect organizational assets.
- Capable of participating in multiple projects simultaneously in an evolving and fast-growing organizational culture.
- Excellent interpersonal skills, good at coordination and a team player.
- One or more certifications such as CISA or CRISC.
Preferred Qualifications/Skills
- Past experience with healthcare industry is a plus.
- Experience with compliance for medical devices, IoT devices, etc. in support of regulatory requirements (FDA, etc.) and third-party security audits such as SOC 2, ISO 27001, MDSAP, ISO 13485, etc. is a plus.
- Knowledge of cloud security is good to have.
Skills: Medical devices, Cyber Security, Risk Management, ISO/IEC 27000-series, Stakeholder management, Documentation, Audit, BCP and Internet of Things (IoT)