Information Security Specialist

Pune or Bengaluru

Mindtickle


Who we are
Mindtickle is the market-leading revenue productivity platform that combines on-the-job learning and deal execution to get more revenue per rep. Mindtickle is recognized as a market leader by top industry analysts and is ranked by G2 as the #1 sales onboarding and training product. This year, Mindtickle was recognized for its outstanding customer support, winning a Gold Stevie Award for Sales and Customer Service.
Job Snapshot
You will be joining Mindtickle’s Information Security and Privacy team, responsible for various functions related to the security, privacy, and protection of Mindtickle's growing cloud platform. Your role will involve handling Third-Party Risk Management (TPRM) / Vendor Due Diligence.
As an Information Security Specialist, you will coordinate with internal teams to understand the business use case, and with vendors, to ensure Mindtickle adheres to the highest data security standards. You should have expert knowledge of security controls, cloud infrastructure, and a deep understanding of third-party risk management. A proactive and pragmatic approach to data security and privacy is essential.

What's in it for you?

  • Own the third-party risk management process, including planning, scoping, needs analysis, ongoing project management, and stakeholder communication. Categorize vendors based on security and privacy aspects such as data processing, data residency, availability requirements, systems integration, etc.
  • Understand the necessity, business context, criticality, and fitment of the vendor in the organizational context so that the right risks can be identified.
  • Define and maintain applicable security and privacy due diligence requirements for each vendor category.
  • Perform vendor due diligence based on the applicable requirements, highlight the risks to the business teams, and include necessary clauses in the contract to address the risks.
  • Conduct security and privacy due diligence on new third parties, and perform annual reviews of the vendors as required for customer contractual requirements and internal/external audits.
  • Conduct sub-processor reviews and the related processes for their onboarding, communication, and annual review.
  • Work closely with the procurement team to establish and maintain a vendor due diligence process throughout the procurement cycle.
  • Maintain documentation of all sub-processors and vendors to showcase in our privacy audits under Record of Processing Activities.
  • Perform vendor offboarding activities such as data deletion and return, and track them to closure.
  • Work flexibly across all organizational teams, driving third-party risk management projects, including sales, customer success, product, and engineering. Undertake any other reasonable and related tasks associated with the role.

We'd love to connect with you, if you:

  • Have 4-6 years of experience in information security and compliance, with exposure to cloud software platforms.
  • Have extensive experience in handling third-party risk management.
  • Have a strong understanding of cloud governance and technology security controls covered in SOC2, ISO 27001, NIST, HIPAA, CSA STAR, CIS, etc. Preferred certifications include CISSP, CISM, CISA, CRISC, CCSP, CEH, ISO 27001, etc.
  • Possess excellent communication, interpersonal, project management, and issue-resolution skills.
  • Have strong analytical and organizational skills, with the ability to work effectively as part of a team.
  • Are experienced in managing third-party risk evaluation and management processes.
  • Have demonstrated ability to learn quickly, take initiative, and drive complex projects.

Our culture & accolades
As an organization, it’s our priority to create a highly engaging and rewarding workplace. We offer tons of awesome perks and many opportunities for growth.
Our culture reflects our employees' globally diverse backgrounds along with our commitment to our customers and each other, and a passion for excellence. We live up to our values, DAB: Delight your customers, Act as a Founder, and Better Together.
Mindtickle is proud to be an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.
Your Right to Work - In compliance with applicable laws, all persons hired will be required to verify identity and eligibility to work in the respective work locations and to complete the required employment eligibility verification document form upon hire.

Tags: Audits CCSP CEH CISA CISM CISSP Cloud Compliance CRISC Governance HIPAA ISO 27001 NIST Privacy Risk management SOC 2

Perks/benefits: Career development

Region: Asia/Pacific
Country: India