Senior Manager - Compliance - with a leading authentication company (Hybrid)
Purpose of the Role
- Help organizations manage risks and avoid lawsuits by ensuring business operations are performed in compliance with state and central laws.
- Tasked with everything from developing company policies, creating metrics to help track compliance and performing compliance audits.
- Studying laws related to our industry and ensure that the company conducts business according to new regulations that arise.
- Responsible for analyzing the gaps, designing and implementing the strategies to maintain internal and external compliances, security and privacy both, as per the overall business requirements
- Manage the client/ prospective client queries/ requirements to understand the IT security and privacy framework of the organization and head the audits conducted by the clients or external organizations
- Enabling organization in setting up global footprint while complying with policies and procedures governed by the local law.
Qualification - Minimum Bachelor's degree in Computer science, Law, Information Security or a related field or equivalent experience.
Prior Work Experience- Min. 10-12 years' experience in Security, Privacy and Regulatory Compliances
- Experience in global standards for IT security and privacy compliances.
- Experience in Quality Management
Job Description - Experience in implementing controls for ISO 27001, 9001, 27701, 22301, NIST, GDPR, CCPA, HIPPA etc.
- Experience in documenting policies and procedures, templates, flow diagrams.
- Experience in Risk Management, business continuity management and related audits.
- Exposure to Anti-Bribery, Anti Money laundering and Anti-Corruption compliance.
Key Responsibilities- Work at a rapid pace with Strategy, Product and Business Teams in multiple areas to making and ensuring all services and products are compliance to security, privacy, and applicable regulatory compliance such as RBI, SEBI, IRDA and UIDAI guideline for video KYC etc.
- Work with documenting, reviewing, and updating various policies and procedures for Information Security, Privacy, and other applicable compliance.
- Maintain a sound understanding of the business activities and applicable laws and regulations.
- Work on Risk Assessment, risk mitigation, for Security, Business Continuity and Privacy.
- Implementation and management of BCMS Policy, Process, BIA, Periodic Testing activities documentation, update, and control implementation.
- Implementing, monitoring, and enforcing best practices and controls promoting enterprise-level security strategy and conducting internal audits in these areas and facing external audits.
- Conduct/support risk assessment, plans to enforce compliance requirements, address identified risks for business, work with CISO to improve the enterprise-wide security architecture
- Conduct ongoing reviews and prioritize gaps to ensure they are addressed appropriately.
- Researching on potential impact of the various international legal, privacy, and regulatory framework pertaining to strategic plan of the organization and take timely action to address the requirement.
- Ensure and improve compliance level of all products and services.
- Reporting Compliance Metrics for all service and products to CISO and Management as defined.
- Work on assigned projects related to Product and processes as per priority and management decisions.
- Co-ordinating and advising the internal stakeholders in security and privacy compliance related issues for new Products, Tools and internal processes
Key Skills- Knowledge of different industry regulations, privacy /GDPR and associated technical controls
- Knowledge of Business Continuity Management System, Privacy controls, Internal/External Audits
- Keen and adept for research related to various regulations as per requirement and documentation of policy & procedures, process flows.
- Excellent communication and presentation skills