Job Openings Information Security Officer

About the job Information Security Officer

Experience: 10+ years

Job Location: WFH / Hybrid

Qualifications: B Tech / M Tech / MCA or higher

Work Timings: 1:30 PM IST to 10:30 PM IST

We are looking for an experienced professional with 10+ years of experience in Information Security Management, HIPAA compliance checks, and supporting ISO27001 certification and HIPAA compliance check certificates, along with experience in supporting SOC2 adoption and SOC2 controls.

Responsibilities:

  • Define and improve the Information Security Management System (ISMS)
  • Conduct an induction session on the fundamentals of information security for all the new joiners within the time frame defined by the management
  • Create awareness across the organization for the preservation of confidentiality, integrity, and availability
  • Ensure information security audits are conducted across projects and support functions (e.g., IT Support, DevOps/Cloud Team, HR and Training, Business Development Team, Marketing Team)
  • Periodic review of information security risks across the entries and feedback for improvement in information security risk management
  • Improve policies and processes based on internal audits, implementation of ISMS, and findings from ISO27001 certifications and HIPAA compliance checks
  • Define and improve security policies and processes to ensure alignment with best practices and evolving threats
  • Perform HIPAA compliance check and provide feedback to the project teams and support functions responsible for implementing the requirements of HIPAA
  • Foster security awareness across the organization to promote a culture of vigilance.
  • Coordinate during security incidents, ensuring timely and efficient responses.
  • Oversee the implementation of information security measures and compliance with established Information Security Management Systems.
  • Communicate security policies clearly throughout the organization for awareness and reinforcement across the
  • Facilitate adoption of Incident Response Procedures
  • Provide updates to management of the organization regarding the status of Non-Compliances to ISMS
  • Provide clarity to the management regarding any resource needs for supervision, support related to ISMS
  • Periodic policy review and update in case significant changes occur
  • Escalate any issues/concerns to the top management
  • Prepare a risk and a list of existing controls with reference to ISO27001:2022
  • Support adoption of SOC2 controls and SOC2 certifications
  • Participate in Information Security Governance and provide updates, highlight issues, and risks
  • Coordinate with the external lead auditors and internal stakeholders during ISO27001:2022 certifications.
  • HIPAA compliance checks, etc.