Information Security and Compliance Manager

Bengaluru, Karnataka, India | SignEasy | Full-time


About SignEasy:
SignEasy is a cloud-based, mobile-first solution to electronically sign and fill documents from smartphones, tablets and web. People across industries such as real estate, legal, accounting, sales, insurance, human resources, logistics and more from over 180 countries use SignEasy to reduce business turnaround times, close deals faster, cut costs and delight customers by eliminating the cycle of printing, scanning and faxing of paperwork. Our latest offering, the SignEasy API suite, enables other businesses to seamlessly integrate our electronic signature platform into their workflows.
We have been a customer-first company since our beginnings, while caring about a team that prides itself on supporting each other and solving problems they feel passionate about. We have created an environment that challenges them to be creative while they work on products that have received multiple accolades on the global stage from the biggest technology platforms, the likes of Apple, Google and Microsoft. Take a peek into our culture here

Role overview:

The prime responsibility of the Information Security and Compliance Manager role is to identify, quantify and proactively address security issues and changes in the business's risk profile. The Information Security and Compliance Manager will be responsible for the overall security of data, systems and applications. The Information Security and Compliance Manager will focus on improving the end-to-end risk posture and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. This includes a threat-driven approach to enable secure-from-the-start adoption of emerging technology and application development. The Information Security and Compliance Manager will be expected to drive effective risk and controls management and support the business by identifying control weaknesses and recommending improved security, articulating the business impact and associated risk, and educating the business on proactive measures to remediate.

Responsibilities: 

  • Governance, risk and compliance. Be responsible for these three areas in the company.
  • Lead compliance-related activities by planning, driving and implementing controls and procedures with respect to compliance.
  • Work with teams in various departments to secure adherence to compliance and manage risks.
  • Ensure technology risk impacting the business is effectively identified, quantified, communicated and managed, including recommendations for resolution and identifying the root cause/key themes.
  • Embed threat modelling, solutions architecture and secure code review into product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations.
  • Serve as a point of escalation and subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, cloud and application security.
  • Partner with Third Party Oversight teams to ensure effective technology risk management of vendors with a focus on Cloud computing / emerging technologies.
  • Interface with Lead ISMs, Technology Leadership and Application Development teams on an ongoing basis for business-as-usual risk activities, reporting and project initiatives.

Preferred Experience: 

  • 5+ years of experience in Security and/or Risk Management and/or Corporate Technology with an aptitude in application and platform security.
  • Strong written and verbal communication skills with the ability to effectively communicate and present security risk concepts to business and technology partners.
  • Knowledge of regulations like GDPR and HIPAA, certifications like SOC2, ISO and CFR 11
  • Strong personal leadership, collaboration, bias for action and experience working within fast-paced, complex and high-performing Digital/Agile/Scaled teams
  • Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement. 
  • Applicable working experience designing and implementing cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered from public cloud service providers (e.g., AWS, Google Cloud) 
  • Applicable working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security) 
  • Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect) 
  • Preferable experience in multiple modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration) 
  • Preferable experience of Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning) 
  • Background in Quality Assurance is preferred.
  • Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC) 

SignEasy's unique benefits: 
MacBooks for all - YES, even for interns and temps | At the forefront of the remote working culture. We understand the need for you to avoid your daily killer commutes and the need to stay safe during pandemics | SignEasy is at all costs an Equal Opportunity Provider: Diversity hiring and building a truly inclusive international team is our pinnacle interest to drive innovation, growth and a global outlook. (Yes, we have individuals on the team who come from interesting backgrounds and experiences, including a scuba instructor) | Generous sick leave and an open door culture | Fully paid annual international company offsites | *100% Home office set-up assistance [assistance is capped] | Medical insurance benefits for self and family | Sponsorship to Career Enrichment programs | 100 percent paperless employee lifecycle experience guaranteed | Regular office treats and perks on the house.

Our Frontend expert on SignEasy turning ‘10’: https://www.youtube.com/watch?v=oCY-rCTODbw
Meet SignEasy's leadership and core team: https://rb.gy/ftyfkw
Our impressive story: https://rb.gy/azsda0
Take a peek at SignEasy's culture: https://rb.gy/nvra6o/ 
SignEasy's Timeline & Journey: https://signeasy.com/journey/
More about Careers at SignEasy: https://signeasy.com/jobs/