HR Manager at Rolling Rock Software
Information Security Compliance Manager - CISM/CISSP/CISA (3-5 yrs)
Rolling Rock Software creates a digital transformation platform focused on improving customer experience through innovation, with offices in the US and India.
We enable companies and organizations around the globe to accurately authenticate customers, patients, users, things and employees through our patented technology and suite of products.
With an ever-changing technology landscape and regulatory and interoperability requirements, product companies have to constantly innovate to stay competitive in the marketplace. Rolling Rock Software develops innovative software using disruptive technology.
Learn more about us at rollingrock.in
Information Security Compliance Manager
Job Location: Bangalore
- The Information Security Compliance Manager (ISCM) reports to the President and is knowledgeable in information security processes and policies including HIPAA, ISO, internal and external IT audits, and overall IT security protections and measures.
This position ensures that the security framework and posture of Certify Global systems meets standard regulatory guidelines and policies.
The ISCM provides technical expertise in testing these policies against the Certify Global systems and advises on areas of opportunity.
This position is responsible for maintaining the enterprise Information Security Management Systems (ISMS) and driving best practices on risk reduction strategies.
The ISCM will lead a governance program based on standards and policies, monitor security compliance and regulatory information, manage risk metrics for reporting, and lead the overall management of the Certify Global ISMS.
- Bachelor's degree in Information Systems, Cybersecurity, Computer Science or related field with 5+ years of information security, systems administration, and network administration.
- Bachelor's degree in a relevant field; may substitute degree with another field of study and relevant work experience.
- Industry certifications in information security, networking, and operating system management with the following certifications preferred: CISSP, CISM, CISA, and CEH.
- 4-7 years of experience working with Security Audits including documenting processes, creating flowcharts and assessing the design and operating effectiveness of controls.
- 4-7 years of experience performing risk-based audits including risk assessment, identifying and testing key controls.
- Knowledge/experience working with IT systems and IT networks.
- Experience with ISO, PCI, HIPAA, NIST and/or HITRUST a plus.
- Excellent oral, written, and social communication skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Prior experience with security auditing, policy development, and diagnostic tools.
- High level of personal integrity, and the ability to professionally handle confidential matters with appropriate judgment and maturity.
- Preferred Language: English.
- Responsible for verifying implementation and assisting Certify Global management in adhering to information security policies and procedures for securing information systems.
- Ensures that all Information Systems are operated and maintained in accordance with security policies and practices outlined in Certify Global's Information Security Management Systems, including adherence to HIPAA, ISO, and other regulatory entities.
- Verifies that system policies, procedures, and security requirements are complied with by all staff and vendors during all phases of the security lifecycle.
- Develop reports and ensure their review, and make them available, as required, to executive management, auditors, and clients.
- Develop, maintain and publish corporate information security standards, procedures and guidelines and contribute to the design, implementation or continual improvement of programs focused on user awareness, compliance monitoring, and information security.
- Works closely with the CTO, development team, project team and leadership to perform the required duties as defined.
- Respond to incidents and manage the relationship with outside security vendors for penetration testing, log management, vulnerability testing, and similar.
- Research and implement internal software or hardware solutions to ensure proper security protection measures are achieved.
- Works with executive management and company directors to determine acceptable levels of information security risk for Certify Global.
- Manages and maintains documents related to risk assessment, asset management, continual improvement scoring, and more.
- Accountable for leading steering committee meetings related to the ISMS and tracking/reporting progress, resource and budget requirements, incident management with action plans, and general improvements direction.
- Write or assist in the development of security test plans and test procedures.
- Well versed in the System Security Life Cycle with strong ability to research technical issues and suggest resolutions.
- Manages all aspects of security related applications and automated tools.
- Analyzes problems and completes detailed technical reports for presentation to management and/or audit.
- Works well in a team environment and independently and exhibits and applies strong leadership skills.
- Adapts to the changing needs of a project.
- Ability to meet project deadlines.
- All other projects and duties as assigned.
- Plan and execute compliance testing, internal audits, and reviews. Document and communicate results of audits including any findings and provide recommendations for remediation and improvement.
- Training of staff on policies and procedures.