Assistant Manager - Information Security - 090622

Gurugram, Haryana, India | April 19, 2024

About SirionLabs:

SirionLabs, a global SaaS company, is looking for people who are driven to make a difference.

Bringing together leading innovation, unrivaled Contract Lifecycle Management expertise, and a deep commitment to customer success, SirionLabs helps the world’s leading businesses contract smarter. SirionLabs’ AI-powered Smarter Contracting Platform brings legal, procurement, and business teams together to author stronger agreements, manage risk and strengthen counterparty relationships.

Today, analyst firms such as Forrester, Spend Matters, IDC and G2 agree that SirionLabs is a leader in CLM and world-leading businesses including Vodafone, Unilever, DHL, and BNY Mellon trust SirionLabs to create, control, and manage over 5m contracts worth more than $450b, in 80+ countries around the world. SirionLabs is backed by leading VC firms and has gone through a Series D round. SirionLabs is a 700+ people company with 9 offices globally.

Job Role: Assistant Manager – Information Security

Years of Experience required: 7-10 Years

Work Location: Gurgaon

Responsibilities:

  • Implement and sustain the NIST compliance program (NIST CSF, NIST 800-53, NIST 800-171, NIST 800-37, etc.)
  • Implement and sustain the FedRAMP, DOD-IL5/IL6, TISAX, FAR/DFAR, CMMC compliance programs
  • Update and maintain the Unified Controls Framework (UCF) so that it aligns with the organization's information security policies and with the industry standards and regulations applicable to the company and its customers, including HIPAA, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, ISO 27701, GDPR, ISO 27001, SOC 2, and CSA CCM. Routinely monitor changes to standards and regulations and keep the UCF up to date.
  • Assist in implementing, maintaining, and monitoring ISMS policies and procedures, including but not limited to security logging and monitoring, security incident management, data leakage prevention, IT system security hardening baseline, access control, change management, backup management, patch management, vulnerability management, etc.
  • Perform Privacy Impact Assessments to identify and evaluate privacy risks. Implement appropriate privacy controls to mitigate unacceptable risks.
  • Collaborate with internal stakeholders such as Engineering, DevOps, Product, Finance, HR, Admin, IT to ensure effective implementation of UCF controls and to support remediation efforts.
  • Coordinate the Information Security audits/assessments/remediation of Sirion third-party vendors/suppliers and present key risks to the management.
  • Support periodic ISO 27001 and ISO 31000 based risk assessments and Enterprise Risk Assessment (ERM).
  • Co-ordinate Business Impact Analysis, ongoing BCP and DR tests.
  • Maintain good knowledge of current technology trends, evaluate new technologies and undertake training to strengthen IT skills as required

Educational qualifications and certifications:

  • B.E. / B.Tech (IT/CS) / MSc (CS/IT)
  • Certifications: CISSP, CISA, NSCP (at least one)

Experience:

  • Have experience in the implementation of various NIST frameworks/standards (NIST CSF, NIST 800-53, NIST 800-171, NIST 800-37, etc.), SOC 2 Type 2, and ISO 27001
  • Have a good understanding of FedRAMP, GovCloud, CMMC, FAR/DFAR and CSA CCM

Organizational skills:

  • Self-driven and initiator
  • Ability to multi-task effectively and work under pressure
  • Ability to perform general mathematical calculations (advanced Excel)
  • Ability to conduct research on the latest security standards as required.
  • Excellent organizational skills to assess needs, organize solutions and achieve results as planned.
  • Clarity and conciseness in oral and written communications.
  • Ability to communicate and coordinate with internal departments and external stakeholders/auditors.
