Location: Bengaluru, Karnataka, India
Experience: 12-15 Years
Location: Bangalore

Primary Responsibilities
- Document the ISMS/IMS, FedRAMP and TX-RAMP policies and the Delivery Plan documents related to the GRC & Security and IMS functions, and review and publish them within ColorTokens.
- Identify and evaluate the compliance requirements and standards needed to meet the organization's business requirements at each location.
- Define and develop RACI charts for the GRC & Security function as well as for compliance under the IMS initiative.
- Establish Internal Audit team to perform Internal audits within the organization as per the predefined plan and frequency.
- Demonstrate a practical approach to the tasks and to promote and implement best practices.
- Co-ordinate the evaluation of external vendors to be involved in compliance-related IMS activities.
- Interact regularly with project teams to close dependencies.
- Lead training and staff awareness sessions.
- Participate in and co-ordinate external audits and certifications.
- Track the compliance progress and report to management biweekly/monthly.
- Co-ordinate with the other functions to evaluate the vendors for various compliance activities.
- Track regulatory changes or the updates.
- Evangelize IMS & FedRAMP tasks within ColorTokens.
- Conduct risk assessments.
- Conduct internal audits.

Skills Required
- Experience with ISO/IEC 27001, SOC 2, GDPR and FedRAMP, as well as NIST publications including SP 800-53 and the Cybersecurity Framework.
- Experience with ISO 27001, SOC 2 and FedRAMP internal and external audits.
- A professional security management certification is desirable, such as:
  - ISO 27001:2013 Lead Auditor,
  - CISSP - Certified Information Systems Security Professional,
  - CISM - Certified Information Security Manager,
  - CISA - Certified Information Systems Auditor,
  - CCSP - Certified Cloud Security Professional, or other similar credentials.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from Functional Heads to professional specialists.
- 12-15 Years of relevant experience in Information Security, Risk and Compliance.