Quality and Risk Management

About The Position

Requirements

• Minimum of a bachelor's degree or foreign equivalent required from an accredited institution.
• Will also consider three years of progressive experience in the specialty in lieu of every year of education.
• At least 7 years of experience related to the job description.
• Applicants for employment in the U.S. must possess work authorization which does not require sponsorship by the employer for a visa (H1B or otherwise).
• The job entails sitting as well as working at a computer for extended periods of time.
• Should be able to communicate by telephone, email or face to face.

Nice To Haves

• Implementation knowledge of Information Security, Business Continuity, Data Privacy, Cloud Security Management Models and guidelines like ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 22301, NIST, CISA, SOC 1, SOC 2 etc. is preferable.

Responsibilities

• Security Controls implementation
• Overall Program management
• Conduct Risk Assessment
• Help stakeholder in closing the assessment gaps
• Aligning the policies and procedures with respect to Risk / Information security
• Co-ordination between delivery / functional teams
• Implementation of control objectives
• Define and implement change initiatives
• Auditing IT vendors periodically in terms of their compliance to Information security standards as per MSA/contract
• Auditing the IT infrastructure components, say, servers, networks, applications (both internal and third party), scanning the vulnerabilities, define appropriate controls and certify them to use it in our business
• Conduct Internal Audits on process compliance (Risk audits-confidentiality, Integrity and Availability, IP audits, Information Security audits)
• Facilitate external audits with certifying bodies and ensure certification / Recertification (ISO 27001, SSAE 16 – SOC1, etc.,)
• Facilitate Client risk audits on Information security, vulnerabilities etc., by coordinating with all internal / client stakeholders
• Handling all Security Incidents, Audit Non-conformities, Process deviations, Complaints pertaining to Risk and ensure that the process owners are defining and implementing the relevant corrective / preventive actions and close the same
• Facilitating Periodical Risk review meetings with leadership team
• Risk reporting
• Co-ordination between different BPO client managers / Engagement Managers / Functional teams to get the right information and publish metrics, status reports and initiatives dashboard to all internal and external stakeholders
• Identify continuous process improvement opportunities, define, and implement best practices, driving improvement culture across the organization