Compliance Engineer - II Job in Medibuddy
Compliance Engineer - II
- Bengaluru, Bangalore Urban, Karnataka
- Not Disclosed
- Full-time
Job Summary: As an Information and Security Compliance Engineer 2, you will take a lead role in overseeing and implementing information security compliance initiatives within our organization. Working closely with various teams, you will ensure the adherence to industry standards, regulations, and internal policies related to information security. You will be responsible for conducting comprehensive compliance assessments, developing robust security policies, and driving the organization's efforts to maintain a strong security posture. The ideal candidate should possess a solid understanding of information security principles, compliance frameworks, and excellent communication skills to collaborate with stakeholders effectively.

Responsibilities:
- Lead the development, implementation, and maintenance of information security compliance programs, policies, and procedures to align with industry standards and regulatory requirements.
- Conduct thorough security compliance assessments, risk assessments, and audits to identify vulnerabilities, weaknesses, and potential security risks across the organization's infrastructure, applications, and systems.
- Collaborate with IT and security teams to ensure that security controls are effectively designed, implemented, and monitored to maintain compliance with relevant information security standards and regulations.
- Monitor and evaluate the organization's security practices and controls, providing recommendations and driving remediation efforts to address identified vulnerabilities and compliance gaps.
- Stay informed about evolving information security laws, regulations, and best practices to ensure the organization's practices remain up-to-date and aligned with emerging requirements.
- Assist in responding to external audits and assessments, providing necessary evidence and documentation to demonstrate compliance with applicable information security standards.
- Develop and deliver comprehensive security training and awareness programs to enhance the organization's security culture and ensure compliance with security policies.
- Collaborate with legal and compliance teams to ensure that information security practices and policies are in compliance with applicable data privacy and protection laws.
- Act as a subject matter expert on information security compliance matters, providing guidance and support to internal teams and stakeholders.
- Participate in incident response activities, helping to investigate and address security incidents, and contributing to lessons learned and incident response improvement efforts.

Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Auditor are desirable.
- Minimum of 4-6 years of experience in information security, compliance, or related fields, with a focus on implementing and managing security controls and compliance initiatives.
- In-depth knowledge of information security principles, compliance frameworks (e.g., ISO 27001, NIST, GDPR), and best practices.
- Experience in conducting security compliance assessments, risk assessments, and audits.
- Familiarity with security controls for network infrastructure, systems, and applications.
- Strong understanding of data privacy and protection laws and their impact on information security practices.
- Excellent analytical and problem-solving skills, with a keen eye for detail.
- Effective communication and interpersonal skills to collaborate with cross-functional teams and stakeholders.
- Ability to work independently, manage multiple tasks, and prioritize effectively in a fast-paced environment.
- Strong commitment to maintaining the highest standards of integrity and ethical conduct.

