Job Description:
The Analyst-Compliance officer's role is to ensure the secure operation of the Sakon information assets in accordance with our internal processes, procedures, and compliance requirements as per the relevant ISO standards, regulatory frameworks applicable to Sakon and industry best practices.

Responsibilities:
• Establish and implement practices for Information Security aligned to Cyber Security Frameworks such as International Organization for Standardization (ISO) 2700X, National Institute of Standards and Technology (NIST) 800-53, Payment Card Industry Data Security Standard (PCI DSS), AICPA Trust Services Principles and Criteria (SOC).
• Develop, implement, and maintain the organization’s security architecture to provide an effective platform to protect the organization’s assets.
• Perform security reviews and compliance testing to ensure adherence to adopted security and governance frameworks.
• Conduct gap assessments against security and privacy frameworks, regulations, and best practices.
• Implement security and governance controls to address privacy requirements such as GDPR, CCPA and HIPAA.
• Perform third-party risk assessments for onboarding new vendors and annual reviews for existing vendors.
• Perform IT Risk Management as per the ISO 31000 Risk Management Framework (RMF) and provide recommendations for applying the RMF to the organization’s information systems.
• Information Security Policy and Procedure Management: create, communicate, and maintain IT Security policies/procedures.
• Lead the development of security and privacy awareness training in conjunction with other members of the Information Security group.
• Ensure Security Awareness Trainings and refreshers are updated to current IT Security Standards.
• Perform and maintain IT Risk Management for processes and technological controls as per ISO 27002 guidelines.
• Manage internal audits, create Corrective and Preventive Actions (CAPA) and track them until closure.
• Monitor the change management process to ensure compliance.

Skills:
• Complete understanding of Cyber Security compliances like SOC1 (SSAE-18), SOC2, SOC3, ISO27001, PCI-DSS, Cloud Security Alliance (CSA).
• Complete understanding of Privacy Compliances and Frameworks like GDPR, CCPA and HIPAA.
• Working knowledge and understanding of COBIT and ITIL Framework.
• Understanding of Software Development Life Cycle (SDLC).
• Integrating security practices within SDLC.
• Knowledge of Information Technology trends and impact on related security procedures and processes.
• Strong analytical and critical-thinking skills.
• Identification and mitigation of gaps within Information Security policies and procedures.
• Knowledge of identity management, including authentication and authorization, across internal and external IT assets of services.
• High-quality documentation based on relevant standards.
• At least one industry certification (ISO 27001 LA, CISA, CISM, CRISC, ISAAP) highly desired.
• Minimum two to three years’ experience conducting security control assessments or audits.
• Minimum two years' experience developing or managing a security awareness program.
• High level of attention to detail; a self-starter with the ability to work independently, multi-task and adjust to shifting priorities.

Perks & Benefits:
• Flexible Holiday Policy (choose your own holidays)
• Life & Medical Insurance
• Focus on Skill Development, Reimbursement for Certifications
• Wifi-Mobile bill reimbursement
• Employee wellbeing activities

How to Apply and Interview Process:
To apply, kindly share the resume with namrata1.navadgi@.

Job Title
Compliance Analyst