Manager - Information Security & Privacy RFx & Contracts - 300522

Gurugram, Haryana, India

Applications have closed

About SirionLabs:

SirionLabs, a SaaS product firm, is looking for people who are driven to make a difference.

Bringing together leading innovation, unrivalled Contract Lifecycle Management expertise and a deep commitment to customer success, SirionLabs helps the world’s leading businesses contract smarter, powered by intelligence uniquely connected across the complete contract lifecycle.

SirionLabs’ easy-to-use, highly configurable Smarter Contracting Platform brings legal, procurement and business teams together to author stronger agreements, manage risk and strengthen counterparty relationships.

Today, analyst firms such as Forrester, Spend Matters and IDC agree that SirionLabs is a leader in CLM, whilst world-leading businesses including Vodafone, Unilever, DHL, and Morgan Stanley trust SirionLabs to create, control and manage over 5m contracts worth more than $300bn, in 100+ countries around the world. SirionLabs is backed by leading VC firms and has gone through a Series D round. SirionLabs is a 700+ people company with 7 offices globally.


Job Role: Manager - Information Security & Privacy RFx & Contracts

Experience: 10 – 15 years

Location: Gurgaon

Responsibilities:

  • Accountable for the delivery, quality, timeliness, and continuous improvement of the program for Information Security and Data Privacy RFxs and related questionnaires (Cloud security, NIST, CAIQ, SIG, custom, OneTrust, etc.) of SirionLabs’ prospective customers.
  • Accountable for building and managing a skilled team to support business needs in line with the company’s growth objective.
  • Responsible for presentations to existing and prospective customers, and for related interactions on topics related to Information Security and Data Privacy.
  • Accountable for building and maintaining an up-to-date RFx response library and supporting artefacts in a central repository.
  • Accountable for review of SirionLabs’ customer and vendor/supplier contractual documents (MSA, SOW, DPA, SCC) to validate compliance. Highlight, articulate and negotiate non-compliances and related risk with customers, suppliers, and internal business stakeholders.
  • Accountable for leading and successfully completing information security assessments/audits performed by SirionLabs customers and by external and internal auditors against contractual obligations. Align customer obligations to the internal ISMS (Information Security Management System) and PIMS (Privacy Information Management System), and flow them down to vendor/supplier contracts.
  • Present program-level and operational KPI-based metrics and dashboards to the CISO and senior management.
  • Develop and foster relationships with internal stakeholders such as Engineering, DevOps, Customer Success and IT to gather and collate responses and artifacts for security risk questionnaires required for business proposals and for existing client and organizational data requests.
  • Accountable for implementing and maintaining a program to fulfil customers’ contractual obligations related to information security and data privacy. Understand key Infosec obligations from SirionLabs customers and collaborate with internal functions to ensure complete implementation of the security controls related to those obligations.
  • Accountable for successfully completing periodic Risk Assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers, including GDPR, ISO 27701, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, HIPAA, ISO 27001, SOC 2, CSA CCM.
  • Accountable for Data Privacy initiatives and the program to maintain and fulfil SirionLabs’ Data Protection obligations to customers and regulators. Perform Privacy Impact Assessments and Data Transfer Impact Assessments, develop Data Flow Diagrams, operationalize privacy-related policies and procedures, etc.
  • Additional responsibilities include risk, controls, and compliance management, supporting BC/DR audit and examination activities, and development and maintenance of policies, standards and procedures that are aligned with best practices.

Educational qualifications and certifications:

  • Certifications: OSCP, GSOM, GSOC, CISSP, CCSP, CSA (at least two)
  • BE / B. Tech / BSc Computer Science with active CISSP / CISA / CIPP / CRISC

Expertise/experience

  • Strong knowledge and experience of cloud security (AWS, Azure, etc.) and modern technologies like microservices, containers, multi-cloud architecture.
  • Knowledge of security technologies and the security risks of technology platforms: Linux/Ubuntu, Microsoft technologies, infrastructure, and application security (secure SDLC, shift left).
  • 10+ years of relevant experience in a SaaS product company, in customer-facing roles covering Information Security & Data Privacy RFxs, contract reviews, facing audits, and security- and privacy-focussed assessments.
  • Deft understanding and implementation of information security standards and compliance, such as ISO 27001, SOC 2, NIST 800-53, FedRAMP, IRAP etc., and privacy regulations like GDPR, CCPA, etc.
  • Expertise in managing and implementing privacy frameworks and controls related to GDPR, conducting Privacy Impact Assessments (PIA), and developing privacy policies and procedures.
  • Ability to articulate, understand and map client information security requirements to the organisational policies and procedures.
  • BCP/DR Planning and Coordination

Tags: Application security Audits AWS Azure CCPA CCSP CIPP CISA CISSP Cloud Compliance Computer Science CRISC DevOps FedRAMP GDPR HIPAA ISMS ISO 27001 Linux Microservices NIST OSCP Privacy SaaS SDLC Security assessment SOC 2 Ubuntu

Perks/benefits: Team events

Region: Asia/Pacific
Country: India
Category: Leadership Jobs
