We at Innovaccer are looking for an Security Engineer - II who will be responsible for Risk Assessment role in our Cyber Security Team for customer & internal activities including proprietary & public data. This role will encompass the use of a broad range of security domains (Security Questionnaires, Vendor Risk Assessment, Internal and External Audits, Writing Policies & Procedures etc.). This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains across multiple cloud platforms at a single time.
A Day in the Life
- Responding to RFPs & Security Questionnaires
- Coordinating with RFP team and Legal team on reviewing security questionnaires/exhibits, BAA/MSA queries and respond to follow-ups and customer queries
- Analyzing and updating existing compliance policies, procedures and related documentations
- Implementing privacy controls & policies
- Drive Vendor Risk Assessment & Risk Management programme
- Maintaining communication and coordinating with corporate, legal and IT teams
- Implement audit controls for external audits like SOC 2 Type 2, HIPAA, HiTrust, ISO 27701, etc.
- Perform third party risk assessments and work on remediation of findings
- Familiar with Regulations in United States Health Care & Middle-East
- Coordinating with internal teams for gathering evidences and presenting it to auditor
- Identify control gaps / weaknesses and formulate action plans to address
What You Need
- Understanding of different Privacy & Compliance controls of Federal & State Regulations
- Bachelor s degree in Information Technology, Computer Science Engineering preferred
- Minimum of 3-5 years of prior experience in Information Security Risk & Compliance
- Hands-on experience on HIPAA, SOC II, ISO 27001:2022, HiTrust etc.
- Familiarity of compliances like GDPR, NIST SP 800-53, HiTech, FedRamp, AzRamp, MARS E, etc
- Vendor Risk Assessment, Respond to RFPs & Legal Review of Security Exhibits
- Work with Corporate compliance Team for Audits
- Good to have CISSP/ CISA or other relevant certifications
- Hands-on skills in Data security controls
- Ready to take up more responsibilities along-with existing role
- Understanding of Security Architecture and proficient in immediately of data security control
- Able to work independently, being a team player, ability to work well under pressure
- Familiarization with cloud like AWS, Azure & GCP
- Able to multi task, prioritize, and manage time effectively
- Collaborates effectively and communicates efficiently
- Readily available to work with teams and clients outside India in USA & Middle-East
