About the role
The Senior Compliance Associate will be responsible for supporting the Head of Cyber Security and Compliance in planning and coordinating the implementation of compliance requirements such as ISO 27001, PCI DSS, RBI master directions, and Vendor Security assessments. The ideal candidate is a motivated individual who has exceptional interpersonal skills and the ability to interact proactively with employees and leadership at all levels. The person in this role will need to be highly organized and able to thrive in a fast-paced environment.
What You will do
- Evaluate and Enhance Security Infrastructure: Assess and document information security policies, processes, and technical controls. Develop, implement, and maintain policies, procedures, and standards based on industry best practices (e.g., ISO 27001, NIST, PCI DSS). Modify existing documentation to align with industry standards, best practices, and regulatory requirements (e.g., RBI, IT Act).
- Risk Assessment and Management: Conduct security risk assessments of information systems, infrastructure, and applications. Perform technology-based gap risk assessments and third-party risk assessments. Identify, document, and maintain an information security risk register.
- Compliance and Enforcement: Ensure rigorous enforcement of security policies and standards. Perform compliance checks for user access management and security hardening standards. Prepare compliance reports and remediation plans based on periodic reviews.
- Vendor Due Diligence and Third-Party Risk Management: Conduct vendor due diligence assessments to identify security weaknesses and gaps. Provide oversight and facilitate continuous improvement of third-party risk management programs and processes.
- Security Awareness and Training: Conduct security training sessions and presentations for company personnel. Drive security awareness initiatives and regular training on security policies and requirements.
- Data Loss Prevention and Compliance Monitoring: Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions. Perform compliance checks during the Software Development Life Cycle (SDLC) and ensure adherence to access control and data sanitization standards.
- Audit Representation and Security Control Automation: Participate in internal and external audits, providing representation of the company's security posture. Influence security control automation efforts to enhance security and compliance scalability.
- 2 to 5 years of technical experience in the Information Security area with specialization in Governance, Risk, and Compliance (GRC) domains.
- A Bachelor’s degree in Information technology or a related discipline, or equivalent work experience
- Exceptional written and interpersonal communication skills
- Proficiency in security policy management and a deep understanding of security standards and frameworks, such as ISO 27001, NIST, PCI DSS, ITIL and COBIT
- Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Vulnerability Management, Penetration testing, Access/Entitlements Management, or Web Services is very desirable
- Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
- Possession of information security certifications, such as CISSP, CISM, CRISC, CEH, or ISO 27001, demonstrates expertise and will be an added benefit.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
- Remain vigilant while continuing to maintain and enhance the overall security of slice and the clients receiving our services.
- Maintain awareness about the potential risks based on the business requirements they are operating in.
Life at slice
Life so good, you’d think we’re kidding:
- Competitive salaries. Period.
- An extensive medical insurance that looks out for our employees & their dependants. We’ll love you and take care of you, our promise.
- Flexible working hours. Just don’t call us at 3AM, we like our sleep schedule.
- Tailored vacation & leave policies so that you enjoy every important moment in your life.
- A reward system that celebrates hard work and milestones throughout the year. Expect a gift coming your way anytime you kill it here.
- Learning and upskilling opportunities. Seriously, not kidding.
- Good food, games, and a cool office to make you feel like home. An environment so good, you’ll forget the term “colleagues can’t be your friends”.