Information Security & Data Privacy Specialist

About SirionLabs:

SirionLabs is a leading SaaS company focused on developing leading edge AI-led solutions for the legal and contract management space. Our product is trusted by Fortune 500s and major global enterprises such as Schneider, Morgan Stanley, Qantas, Unilever, IBM, Vodafone, Alstom, and Novartis, to create, negotiate, and manage +5 million contracts worth more than US$300bn across 100+ countries around the world. As a result, SirionLabs has been recognized by major industry analyst groups such as Gartner, Forrester, Spend Matters, and IDC as a leader in the contract lifecycle management (CLM) domain.

SirionLabs recently closed a US$85 million Series D funding round, which was led by Partners Group, a leading global private markets firm, along with existing investors Avatar Growth Capital, Sequoia Capital India and Tiger Global. This fresh capital infusion will help us fuel AI R&D and expand our global footprint even further.

With over 700 people working across 10+ offices in North America, Europe, and India, SirionLabs is constantly growing and expanding its global footprint.

Requirements

Job Role: Information Security & Data Privacy Specialist

Years of Experience required: 7-10 years.

Work Location: Gurgaon

Job Profile

• Implement and Maintain compliance with data protection standards, regulations & legal requirements, including General Data Protection Regulation (GDPR), ISO 27701 - Privacy Information Management System (PIMS) and other regulations relevant for SirionLabs.
• Ensure that the organization processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
• Perform periodic Privacy Impact Assessments to identify and manage privacy risks. Implement appropriate controls to mitigate unacceptable risks.
• Define, assess and review the contracts/agreements of customers and vendors for information security and data privacy related clauses/ requirements
• Respond to RFx of prospects and customers of SirionLabs and lead customer presentations and discussions on information security and data privacy topics
• Respond to information security assessments/audits performed by SirionLabs customers, external and internal auditors
• Implementation and Maintain customer contractual (MSA) information security and data privacy obligations
• Build and Maintain RFx response library
• Implement and sustain NIST compliance program.
• Plan and co-ordinate Business Impact Analysis, ongoing BCP and DR tests
• Work with internal stakeholders such as Engineering, DevOps, Customer Success, IT, Product, Finance, HR etc. for implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls.
• Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review
• Support Information Security Governance, Operations, Compliance Programs
• Support periodic Risk Assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers including, GDPR, ISO 27701, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, HIPAA, ISO 27001, SOC 2, CSA CCM.
• Support in conducting Information Security awareness and training programs for the employees as part of their induction and regular awareness
• Support information security incident management process for incident reporting, containment, resolution, and root cause analysis.

Educational qualifications and certifications:

• BE / B. Tech / BSc Computer Science. CISA, CISM, CISSP, CIPP/E preferred
• Must have - Certified Information Privacy Manager (CIPM)

Requirements

Expertise/experience

• Direct hands-on experience in implementing, and managing GDPR, ISO 27701 - Privacy Information Management System (PIMS), ISO 22301 - Business continuity management systems
• Full ITGC lifecycle (implementation, sustenance, monitoring, reporting, remediating, continuous improvement)
• Facing audits - customer, regulatory, independent third party
• Managing ISMS and compliance to Privacy Regulations
• Experience of implementing/auditing Cloud Security Controls. (Preferably, AWS)

Organizational skills:

• Self-driven and initiator
• Ability to multi-task effectively and work under pressure
• Relationship and trust-based information security program (not authority based)
• Task finisher

SirionLabs is an Equal Opportunity Employer

We value diversity in our workforce, we are an equal opportunity employer and do not discriminate based on race, colour, gender, religion, national origin, ancestry, age, disability, medical condition, genetic information, military & veteran status, marital status, pregnancy, gender identity, sexual orientation, or any other characteristics protected by local laws, regulations, and ordinance.

We also make reasonable accommodations for disabled employees and applicants as required by law.

We follow these principles in all areas of employment including recruitment, training, promotions, compensation, benefits, transfer, and social and recreational programs