Information Security & Data Privacy Specialist Job in Sirionlabs

Information Security & Data Privacy Specialist

Job Summary

Job Role: Information Security & Data Privacy Specialist

Years of Experience required: 7-10 years.

Work Location: Gurgaon

Job Profile

  • Implement and maintain compliance with data protection standards, regulations and legal requirements, including the General Data Protection Regulation (GDPR), ISO 27701 - Privacy Information Management System (PIMS) and other regulations relevant to SirionLabs.
  • Ensure that the organization processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
  • Perform periodic Privacy Impact Assessments to identify and manage privacy risks. Implement appropriate controls to mitigate unacceptable risks.
  • Define, assess and review the contracts/agreements of customers and vendors for information security and data privacy related clauses/requirements.
  • Respond to RFx from prospects and customers of SirionLabs, and lead customer presentations and discussions on information security and data privacy topics.
  • Respond to information security assessments/audits performed by SirionLabs customers and by external and internal auditors.
  • Implement and maintain customer contractual (MSA) information security and data privacy obligations.
  • Build and maintain the RFx response library.
  • Implement and sustain NIST compliance program.
  • Plan and co-ordinate Business Impact Analysis and ongoing BCP and DR tests.
  • Work with internal stakeholders such as Engineering, DevOps, Customer Success, IT, Product, Finance, HR etc. for implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls.
  • Prepare metrics-based periodic reports and dashboards, with support from the stakeholder functions, for management review.
  • Support Information Security Governance, Operations and Compliance Programs.
  • Support periodic Risk Assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers, including GDPR, ISO 27701, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, HIPAA, ISO 27001, SOC 2 and CSA CCM.
  • Support the delivery of Information Security awareness and training programs for employees as part of their induction and regular awareness.
  • Support information security incident management process for incident reporting, containment, resolution, and root cause analysis.


Educational qualifications and certifications:

  • BE / B.Tech / BSc Computer Science. CISA, CISM, CISSP, CIPP/E preferred.
  • Must have: Certified Information Privacy Manager (CIPM).

Experience Required:

7 to 10 Years

Vacancy:

2 - 4 Hires