- Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances business objectives.
- Evaluate risks and develop/review security standards, procedures, and controls to manage risks. Improve Fareportal’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implement processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develop reporting metrics, dashboards, and evidence artifacts.
- Define and document business process responsibilities and ownership of the controls. Schedule regular assessments and testing of effectiveness and efficiency of controls and create GRC reports.
- Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, etc.
- Support the vendor due-diligence process and review third-party contracts, SOWs, etc.
- Support internal and external audit processes for relevant compliance.
- Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
Required skills & qualifications:
- CISSP or CISM certification. Other relevant security certifications will be considered such as GIAC, GCIH, CEH, CSA+ certifications;
- BS/MS/BE/BTech/MBA in technology-related or information security curriculum
- Prior experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management
- Required 6-8 years of relevant experience in information security domain
- Knowledge of:
  - applicable information security management, governance, and compliance principles, standards, practices, laws, rules and regulations (ISO 27001, PCI DSS, GDPR, CCPA, IT Act, etc.);
  - cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
  - information systems auditing, monitoring, controlling, and assessment processes;
  - risk assessment and management methodology.
- Detail-oriented, ability to consistently provide high-quality products that are concise, thorough and accurate;
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.
- Good communication and persuasive skills
- Ability to work independently