Indusface

Manager- Risk & Compliance

Full-Time
In Office • Bangalore
4 - 9 years of work experience
Compliance Specialist
ISO 27001
PCI DSS
TPRM
SOC type2
GDPR
DPDPA

Overview: As a Manager- Risk & Compliance based in Bangalore, you will be instrumental in implementing, maintaining, and managing robust security compliance frameworks. This role involves acting as a key liaison between internal teams, product vendors, and customer audit teams, ensuring adherence to regulatory standards and organizational policies. You will be a versatile player in security compliance, contributing to risk assessments, internal audits, and the development of security documentation.

Key Responsibilities:
• Assist in implementing, maintaining, and managing security compliance frameworks, including ISO 27001, PCI DSS, SOC2 Type2, GDPR, DPDPA and other regulatory standards.
• Act as a liaison with product vendors, conduct Proofs of Concept (POC), and generate reports on findings. Be the conduit between Customer Audit teams and Indusface internal teams. Represent the organization in 2nd party audits by customers, for example third-party risk management audits.
• Assist in conducting internal security audits to identify risks and ensure compliance with organizational policies.
• Assist in performing risk assessment and management, identifying vulnerabilities, and recommending mitigation strategies.
• Be a versatile player for security compliance, addressing queries and ensuring adherence to best practices.
• Assist in preparing and delivering internal presentations on the organization’s security posture and compliance status.
• Assist in developing, reviewing, and updating security policies and procedure documents to align with industry standards.
• Manage and maintain the security review and audit charter, ensuring all compliance activities are well-documented.

Required Qualifications:
• Bachelor’s degree in Information Security, Cybersecurity, IT, or a related field.
• 4+ years of experience in security compliance, risk assessment, or IT security audits.
• Knowledge of ISO 27001, PCI DSS, and other compliance frameworks.
• Experience conducting risk assessments and internal audits.
• Ability to analyze security risks and recommend mitigation strategies.
• Documentation and policy-writing skills.
• Excellent communication and presentation skills.
• Ability to work independently and collaborate with cross-functional teams.
• Exposure to GRC tools is needed.
• Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor.
• Hands-on experience with security tools and technologies.
