Company Description:
Sutherland is seeking a reliable and detail-oriented person to join us as Associate Manager - Information Security, Technology Risk Management. This individual will be a self starter who will lead critical projects for Information Security globally while directly managing a 3rd Party supplier and partnering with InfoSec peers, across the globe, with the execution of select Control Audits and Risk Assessments from various Complaince like ISO27001, PCI DSS, HIPAA, HiTrust,etc
Job Description:
Key Responsibilities Areas will be as follows -
- Control Audits goal/purpose is to Identify security controls gaps, remediate and drive compliance for all accounts/programs across Sutherland.
- ALL deviations MUST be remediated or have an APPROVED Exception Request. ALL non-compliance findings will be worked with peers across InfoSec Risk and Compliance and create a remediation plan by working with respective stakeholders.
- Results are tracked, trended and reported. Meetings are hosted with Senior InfoSec Leadership: results reviewed, gaps address, risks identified, remediation progress confirmed
- Audits are performed internally and via a 3rd party audit team that this leader oversees in tandem with Regional Risk and Compliance.
- Risk Assessments to be conducted and implemented as per various Complaince requirements to protects and prevents the misuse of Sensitive Customer Information (SCI) handled in client programs, in order to:
- Proactively identify risks and vulnerabilities
- Address potential data leakage areas
- Assess Sutherland’s implementation of standards
- Identify Sensitive Customer Information (SCIN) belonging to clients.
- Remediates by tightening or establishing controls. Implements security best practices that minimize the risk & avoid incident / data breaches.
2. In addition to the above, the candidate will be asked to look beyond the task at hand and to question how can we do this better, how can we automate and improve upon business as usual, challenge the status quo so that we work smarter (not harder)
3. Demonstrate control effectiveness to the Infosec Leadership
Qualifications:
Core Infosec exp 4 yrs or IT domain exp of 5 yrs above
Infosec certifications will be added advantage
IT certification can also add value
Additional Information:
Our most successful candidates will have: - Be able to proficiently work on Excel and Powerpoint including MS Office suite - Be able to work in a fast-paced environment - Be pro-active in developing trust and professional rapport with employees and team members; work as a team-player - Have strong analytical skills; be able to interpret data, identify trends, and make suggestions for improvements - Have strong verbal and written communication skills; be able to communicate in a clear, constructive, and professional manner
