Business Analyst Job in Peoplestrong Technologies Pvt Ltd

Job Description Key Responsibilities: Risk Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for PeopleStrong s information and technology systems. Policy/Compliance Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Execute strategy for dealing with an increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, SOC1, SOC2, GDPR, ISO 27001, and PDPA. Audit Conduct Internal Audits, and work with outside consultants as appropriate on required security assessments and audits Coordinate and track all information technology and security-related audits including the scope of audits, timelines, auditing agencies, and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities, and provide a consistent perspective that continually puts PeopleStrong in its best light. Provide guidance, evaluation, and advocacy on audit responses. Skill and Experience Levels 2 years of advanced IT skills with a high level of information security experience and expertise Knowledge of information security risk management frameworks and compliance practices Knowledge of securing network technologies, client, and server operating systems. Ability to develop security standards and guidelines based on best practices and industry standards Excellent interpersonal, communication, and presentation skills, including formal report-writing experience Understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001, GDPR, PDPA) Security awareness training BCP development and testing Preferred Qualifications Bachelor s degree in information technology or related field Skills in documenting risk and compliance activities Experience performing information security audits or risk assessments Familiarity with security auditing processes An understanding of policy development and dissemination