Quantiphi is an award-winning AI-first digital engineering company driven by the desire to reimagine & realize transformational opportunities at the heart of the business. We are passionate about our customers & obsessed with problem-solving to make products smarter, customer experiences frictionless, processes autonomous & businesses safer. We put together a wide array of solutions that help businesses build AI products, find & retain high-value customers, improve operating efficiency & reduce risk across several industries including but not limited to Healthcare, Insurance, Media, Retail, Manufacturing, & Consumer Products & are in partnership with Nvidia, Google Cloud, AWS, Looker, Snowflake, SAP & TensorFlow.

Job Description: Manage ISMS and lead technology risk and compliance initiatives within the GRC domain.

Key Responsibilities:
● Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.
● Strong understanding of information security.
● Perform vendor/supplier InfoSec audits and third-party vendor risk assessments.
● Address regulatory compliance needs in technology risk.
● Draft compliance reports, summarize findings, and coordinate remediation.
● Comfortable identifying issues, assessing risks, and developing practical remediation plans.
● Developing and refining GRC policies, procedures, and frameworks to ensure alignment with organizational goals, regulatory requirements, and industry standards.
● Monitoring regulatory requirements and ensuring the organization's activities comply with applicable laws, regulations, and standards. This includes overseeing compliance audits and assessments.
● In-depth knowledge of cybersecurity GRC frameworks, regulations, and industry best practices (e.g., ISO 27001, NIST Cybersecurity Framework, etc.).
● Good communication and presentation skills, enabling you to articulate complex cybersecurity concepts to both technical and non-technical stakeholders.
● Extensive experience in risk assessment, compliance management, and governance support.
● Proficiency in utilizing industry-standard GRC security tools, technologies, and methodologies.
● Information and privacy trainings and awareness across the organization through conventional and online trainings and phishing simulations.
● Outstanding problem-solving skills, a strategic, analytical mindset, and the ability to decipher complex GRC landscapes.
● Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degrees or certifications (e.g., CISSP, CISM, CISA, and ISO) are highly desirable.
● 4 years of information security and/or privacy experience.

Job Title
Associate Lead Information Security