About Searce

Searce means ‘a fine sieve’ & indicates ‘to refine, to analyze, to improve’. It signifies our way of working: To improve to the finest degree of excellence, ‘solving for better’ every time. Searcians are passionate improvers & solvers who love to question the status quo. The primary purpose of all of us, at Searce, is driving intelligent, impactful & futuristic business outcomes using new-age technology. This purpose is driven passionately by HAPPIER people who aim to become better, every day.

Job Responsibilities:

Compliance Program Management:
Design, implement, and continuously monitor information security compliance programs aligned with industry standards and regulatory requirements (ISO 27001, GDPR, SOC 2, NIST, PCI DSS, HIPAA, etc.).
Ensure all security policies and controls are regularly reviewed and updated in line with changing regulations.

Risk Assessment and Mitigation:
Conduct comprehensive risk assessments to identify potential vulnerabilities, threats, and non-compliance risks.
Recommend and implement risk mitigation strategies and corrective actions to minimize risks and ensure ongoing compliance.

Audit and Compliance Reporting:
Coordinate and lead internal and external security audits, ensuring preparation and adherence to audit schedules.
Create detailed audit reports, documenting findings, risks, and remediation actions for senior leadership.
Ensure that audit findings are addressed in a timely manner.

Policy and Procedure Development:
Create, enforce, and update information security policies, standards, and procedures to ensure compliance with applicable regulations.
Regularly assess the effectiveness of policies and update them as required to improve security and compliance posture.

Training and Awareness:
Develop and execute ongoing employee training programs on security awareness, compliance obligations, and best practices.
Foster a security-first culture by educating staff on regulatory requirements, risk factors, and their role in maintaining security.

Additional Responsibilities

Incident Management and Response:
Collaborate with the incident response team to ensure security incidents are appropriately managed, reported, and documented in compliance with applicable regulations.
Contribute to post-incident analysis to identify compliance gaps and recommend improvements.

Vendor and Third-Party Compliance:
Oversee the security compliance of third-party vendors, ensuring they meet security requirements as per contractual agreements.
Conduct assessments to ensure vendors’ adherence to data protection and security policies.

Stakeholder Engagement and Communication:
Serve as the main point of contact for all information security compliance-related queries and concerns.
Collaborate with cross-functional teams, including Legal, IT, and HR, to ensure that compliance requirements are met and to promote a cohesive approach to security and risk management.

Continuous Monitoring and Improvement:
Stay updated on new regulatory requirements and cybersecurity threats, ensuring compliance strategies are proactive and effective.
Implement continuous improvement initiatives to maintain the organization's security compliance posture.

Required Skills

Technical Skills:
Deep understanding of information security frameworks, standards, and regulations (ISO 27001, SOC 2, PCI DSS, NIST, HIPAA, GDPR, etc.).
Knowledge of security tools and technologies, such as SIEM, firewalls, intrusion detection systems, DLP, encryption, IAM, and vulnerability management tools, with 7+ years of relevant experience.
Familiarity with cloud security environments and associated compliance challenges.
Experience with GRC (Governance, Risk, and Compliance) tools is a plus.

Analytical Skills:
Strong ability to conduct comprehensive risk assessments and identify potential security threats and vulnerabilities.
Proficient in analyzing audit reports and security logs to identify non-compliance issues.

Job Title
Compliance Manager-IT Security