Assistant Manager Info security and compliance

Overview

Job Description (JD)

for

Assistant Manager/Sr. Executive (Compliance, Information Security)

Work Location: Manila

Designation/Role: Assistant Manager / Senior Executive

Experience: 6 to 9 years of experience in Compliance, Information Security and BCM Domains

Department: Compliance and Information Security

Work Timing: 9 hours/day; 5 days a week, should work as per US and Manila Ops shift timings

Qualifications: Graduate (any stream)

Professional Certifications: ISO27001 Lead Auditor/PCI DSS/CEH-EC council/CISA.

Budget: 85kth

ISO 27001:2022 (ISMS), HIPAA, SOC 2 Type II, HITRUST, PCI DSS, VAPT and Cyber Security Assessments, Vulnerability Management, and Third-party Risk management

• Mandatory
• Knowledge of latest ISO 27001 standard, PCI DSS, and HIPAA.
• Internal and External audit experience of ISO standards ISO 27001.
• Knowledge and audit experience of HIPAA compliance and HITRUST requirements.
• Should have knowledge/hand on experience on working on SOC 2/ HITRUST/PCI DSS, requirements.
• Should have hands-on experience in VAPT, Vulnerability management, and cyber security management.
• Should have knowledge of the basic ITGC controls/Information Security.
• Certified Lead Auditor for ISMS and Certified PCI DSS implementer.
• Experience in coordinating with vendors and internal stakeholders for different compliance and information security tasks.
• Should have knowledge of BCP/DR and conduct BCP tests.
• Experience in handling Risk Management Audits, Risk Registers, BIA processes.

Knowledge and experience of Risk Management standards

Compliance and Information Security team’s Assistant Manager/Senior Executive will be a part of the core Compliance team and will help drive, manage, implement & evaluate the certifications and compliance standards. He / She should support the organization to get certified and maintain ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, other Cyber security frameworks and assessments.

• Manage all tasks of the Compliance and Information Security team for all locations in the Philippines (Manila and Ilo Ilo).
• Communicate with internal and external stakeholders regarding all compliance-related activities.
• Participate in compliance audit programs both internally and externally for ISO, HIPAA, SOC2, VAPT, PCI DSS, and HITRUST, as and when needed.
• Develop and review company policies and procedures, handle compliance training programs, and monitor compliance related matters.
• Educate stakeholders to implement corrective actions.
• Ensure that corrective actions are adequate and have been implemented for all identified compliance deficiencies.
• Promote awareness related to information privacy and security and enforce compliance across the enterprise.
• Help implement and manage the compliance program effectively.
• Report to the MR/CISO/management about the status of compliance in the organization through detailed reports.
• Create, manage, and track effective action plans in response to audit observations and compliance violations.
• Manage and perform internal audits to identify possible weaknesses or risks in the company's information security management system.
• Perform additional audits as and when necessary.
• Assess the organization's processes to determine compliance risks and formulate necessary risk mitigation plans.
• Ensure that all employees are aware of their compliance responsibilities.
• Support teams in conducting BIA, documenting and managing risks, managing BCP incidents, and planning and conducting BCP tests.
• Working with vendors and external auditors on all audit and assessment tasks and ensuring to close the loop with them.
• Work with the vendors to perform third-party audits based on the frequency.
• Work with internal stakeholders to fill out the client questionnaires and RFP documents to submit them on time.

• Desired
• Knowledge of Information Security.
• Knowledge of PCI DSS and VAPT assessments.
• Knowledge of SOC 2, HIPAA and HITRUST Audits.
• Hands on experience of managing BCP incidents.