Information Security Manager

Location: Bengaluru,Karnataka,India

About MediBuddy: 

MediBuddy is India’s #1 end-to-end on-demand digital healthcare platform

• Provides online & offline solutions with comprehensive product offering across Consults, Labs, Medicines and Procedures. Serves 2 Mn users from Retail,
  
• Corporate and Insurance companies, through its platform, who carry out 700k transactions in a month. 
• Has pan-India network with largest base of healthcare providers & partners – 100k+ Doctors, hospitals, diagnostic centers covering over 95% of pin codes in India 

In 2015, DocsApp was founded by 

• Satish Kannan
• Enbasekar D

In 2019, Docsapp acquired MediBuddy, and merged brand came to be known as MediBuddy 

We are leaders in the use of innovative technology to enable 

• Easy discoverability and seamless accessibility of healthcare offerings 
• Zero-friction, end-to-end cashless experience for healthcare needs of our users 

Recent media coverage 

• Economic Times: Amitabh Bachchan becomes the official brand ambassador of MediBuddy • Times Now: MediBuddy on future of Digital Healthcare

Web and app Links 

• Website: https://medibuddy.in/ 
• Play store App
• App store App

Requirements: 

Have 8+ years of experience in information security risk and compliance. 

• Design, implement and execute internal control testing for all areas of IT and Information Security landscape
• Understand observations of technical assessments such as VAPT and App-Sec and liaison with internal and external stakeholders for timely closure
• Have sound understanding of risk management concepts and should be able to articulate operational and technology risk and suggest effective remediation
• Ensure compliance with required local laws, international regulations and standards relating to Information Security and Privacy
• Maintain compliance and improve the information security management system (ISMS)
• Lead Security and Privacy related initiatives in the organization
• Possess in-depth knowledge of information security, governance, compliance, assurance and IT service management related benchmarks such as ISO27001, ISO22301, ITIL, NIST, SSAE 18, ISAE 3402, SOC 2, SOC 3 etc
• Have the ability to comprehend existing and emerging privacy-related regulations and implement the same in the organization. These include the following but may not be limited to ISO27701, GDPR, PDPA, CCPA, HIPPA, HITRUST, PCI DSS, etc
• Understand cloud infrastructure components and spearhead cloud security and monitoring efforts such as ELK
• Conduct internal audit activities and manage external audits
• Upgrade and run the vendor risk management program of the organization and ensure required clauses in contractual documentation with clients and vendors
• Have working knowledge of security technologies such as Firewall, IDS, IPS, SIEM, DLP, Proxy, Web / Email Content Filtering and Anti-Virus & Malware, Encryption, etc
• Demonstrate excellent written and verbal communication and presentation skills, including the ability to interact with senior leadership and provide input to the decision-making process.
• Ideally, be certified with a combination of ISO27001/ ISO27701/ CEH/ CISA/ CRISC/CISM/ CISSP.