Senior Compliance Associate Job in Bangalore at Slice

Slice is hiring for the role of Senior Compliance Associate!

Responsibilities of the Candidate:

• Evaluate and Enhance Security Infrastructure: Assess and document information security policies, processes, and technical controls. Develop, implement, and maintain policies, procedures, and standards based on industry best practices (e.g., ISO 27001, NIST, PCI DSS). Modify existing documentation to align with industry standards, best practices, and regulatory requirements (e.g., RBI, IT Act).
• Risk Assessment and Management: Conduct security risk assessments of information systems, infrastructure, and applications. Perform technology-based gap risk assessments and third-party risk assessments. Identify, document, and maintain an information security risk register.
• Compliance and Enforcement: Ensure rigorous enforcement of security policies and standards. Perform compliance checks for user access management and security hardening standards. Prepare compliance reports and remediation plans based on periodic reviews.
• Vendor Due Diligence and Third-Party Risk Management: Conduct vendor due diligence assessments to identify security weaknesses and gaps. Provide oversight and facilitate continuous improvement of third-party risk management programs and processes.
• Security Awareness and Training: Conduct security training sessions and presentations for company personnel. Drive security awareness initiatives and regular training on security policies and requirements.
• Data Loss Prevention and Compliance Monitoring: Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions. Perform compliance checks during the Software Development Life Cycle (SDLC) and ensure adherence to access control and data sanitization standards.
• Audit Representation and Security Control Automation: Participate in internal and external audits, providing representation of the company's security posture. Influence security control automation efforts to enhance security and compliance scalability.

Requirements:

• 2 to 5 years of technical experience in the Information Security area with specialization in Governance, Risk, and Compliance (GRC) domains.
• A Bachelor’s degree in Information technology or a related discipline, or equivalent work experience
• Proficiency in security policy management and a deep understanding of security standards and frameworks, such as ISO 27001, NIST, PCI DSS, ITIL, and COBIT
• Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Vulnerability Management, Penetration Testing, Access/Entitlements Management, or Web Services is very desirable
• Possession of information security certifications, such as CISSP, CISM, CRISC, CEH, or ISO 27001, demonstrates expertise and will be an added benefit.
• Maintain awareness about the potential risks based on the business requirements they are operating in.