Job Description:
The Information Security and Compliance Manager will be responsible for creating, maintaining, managing and monitoring all information security and compliance requirements and activities of the company. This will include, but will not be limited to the following:
Information Security and Data Privacy Ensure Information Security and Data Privacy compliance, by doing the following: Creation, updating and maintaining documents regarding data privacy and security policies and procedures Facilitate and promotes activities to create information security and data privacy awareness within the organization Perform information security risk assessments and serves as an internal auditor for information security and data privacy issues Implements information security and data privacy policies and procedures for the organization Reviews all system-related security plans throughout the organization's network, acting as a liaison to Information Systems Monitors compliance with information security and data privacy policies and procedures, referring problems to the appropriate department manager Collates current information about information security technologies, data privacy and related regulatory issues Monitors the internal control systems to ensure that appropriate access levels are maintained Prepares the disaster recovery plan and ensure that the BCP documents is updated and that BCP related activities are conducted regularly, as scheduled Spearhead the ISO internal and external audit activities, including: Training ISO audit POCs and internal auditors Coordinate with the ISO certification vendor and internal stakeholders regarding the audit plan, audit schedule, and other relevant activities regarding ISO re-certification Coordinate with the departments and with the auditors (internal and external) regarding the ISO audit findings and ensure that action plans are created, implemented and meets the requirements of the standard Ensure safety and security standards are in place and are being implemented accordingly Create or spearhead process improvement initiatives to make sure that company is in compliance with ISO standards and other regulatory requirements Provide assistance to clients and departments regarding their inquiries, concerns or activities regarding compliance to standards or policies, including HIPAA, PCI-DSS, or other similar organizations. Do tasks that may be assigned from time to timeRFL: decided to apply for a Coach position Minimum Qualifications:
Need to have led or be heavily involved in the certification of an integrated management system for quality (ISO 9001) and information security (ISO 27001) Knows how to implement and activate disaster recovery/business continuity plan Familiar with PCI-DSS, HIPAA, DPA, GDPR and other compliance requirements Proven experience in leading and managing cross-functional teams Relevant experience in BPO industry Need to have experience with internal and external audits Relevant experience demonstrating an aptitude for analyzing systems, processes and operational procedures Should be constantly updated with latest Standards & Framework for Information Security HIPAA and payment systems security controls is an advantage
