Own and manage the contractual certification requirements like SOC1, SOC2, ISO27001, HIPAA, and PCI DSS
Plan and conduct internal reviews and audits in line with SOC1, SOC2, ISO27001, HIPAA, and PCI DSS
Serve as a subject matter expert on at least 3 of the above standards/frameworks
Assist internal stakeholders and work with control owners throughout the company on the process and documentation that supports compliance requirements.
Define, implement, and manage policies, procedures, processes, and controls
Assess design effectiveness and continually monitor operating effectiveness of controls
Conduct vendor risk assessments (Third Party Risk Management)
Properly document the audit process (including evidence gathered) and ensure all audit issues are tracked to closure
What skills do I need?
At least 8 years of relevant experience in implementing, auditing, and managing certifications like SOC1, SOC2, ISO27001, HIPAA, and PCI DSS
Subject matter expertise on at least 3 of the above-mentioned standards/frameworks
Ability to work as an individual contributor
Experience and expertise in Vendor Risk Assessments
Ability to perform Risk Assessments and Business Impact Analysis
Be proactive, organized, analytical, detail-oriented, and persistent
Certifications preferred: CISA, CISM, CISSP
Previous experience in a product SaaS company is an advantage