Information Security & Privacy RFx & Contract Specialist - 300522

Gurugram, Haryana, India

Applications have closed

About SirionLabs:

SirionLabs, a SaaS product firm, is looking for people who are driven to make a difference.

Bringing together leading innovation, unrivalled Contract Lifecycle Management expertise and a deep commitment to customer success, SirionLabs helps the world’s leading businesses contract smarter, powered by intelligence uniquely connected across the complete contract lifecycle.

SirionLabs’ easy-to-use, highly configurable Smarter Contracting Platform brings legal, procurement and business teams together to author stronger agreements, manage risk and strengthen counterparty relationships.

Today, analyst firms such as Forrester, Spend Matters and IDC agree that SirionLabs is a leader in CLM, whilst world-leading businesses including Vodafone, Unilever, DHL and Morgan Stanley trust SirionLabs to create, control and manage over 5m contracts worth more than $300bn, in 100+ countries around the world. SirionLabs is backed by leading VC firms and has gone through a Series D round. SirionLabs is a 700+ people company with 9 offices globally.


Job Role: Information Security & Privacy RFx & Contract Specialist

Experience: 7 – 10 years

Location: Gurgaon

Responsibilities:

  • Respond to Information Security and Data Privacy Requests for Proposals/Information (RFx’s) and related questionnaires (Cloud security, NIST, CAIQ, SIG, custom, OneTrust, etc.) from SirionLabs’ prospective customers.
  • Lead customer presentations and related interactions on topics related to Information Security and Data Privacy.
  • Build and maintain an up-to-date RFx response library and supporting artefacts in a central repository.
  • Review SirionLabs’ Customer and Vendor/Supplier contractual documents (MSA, SOW, DPA, SCC) to verify their compatibility and compliance with SirionLabs’ Information Security & Privacy requirements. Highlight and articulate the non-compliances and related risk to the wider forum.
  • Respond to all information security assessments/audits performed by SirionLabs customers, external and internal auditors. Align customer and internal information security objectives to the ISMS (Information Security Management System) and PIMS (Privacy Information Management System).
  • Prepare metrics-based periodic reports and dashboards, with support from the stakeholder functions, for management review.
  • Work with internal stakeholders such as Engineering, DevOps, Customer Success and IT to gather and collate responses and artifacts for security risk questionnaires required for business proposals and for existing client and organizational data requests.
  • Build, maintain, monitor and fulfil customers’ contractual obligations related to information security and data privacy. Understand key infosec obligations from SirionLabs customers and collaborate with other teams to ensure complete implementation of the security controls related to those obligations.
  • Support periodic Risk Assessments based on organization information security policies, industry standards and regulations applicable to the company and its customers, including GDPR, ISO 27701, NIST 800-53, NIST 800-171, NIST CSF, FedRAMP, HIPAA, ISO 27001, SOC 2, CSA CCM.
  • Assist in performing appropriate due diligence and Information Security and Privacy Risk Assessment of IT systems, applications, new technologies, third parties, etc., and implement mitigation controls.
  • Conduct Privacy Impact Assessments and Data Transfer Impact Assessments, and develop Data Flow Diagrams, privacy-related policies and procedures, etc.
  • Additional responsibilities include risk, controls, and compliance management, supporting BC/DR audit and examination activities, and development & maintenance of policies, standards & procedures that are aligned with the best practices

Educational qualifications and certifications:

BE / B. Tech / BSc Computer Science with active CISSP / CISA / CIPP / CRISC

Expertise/experience

  • Strong knowledge of and experience in cloud security (AWS, Azure, etc.) and modern technologies like microservices, containers, multi-cloud architecture
  • Knowledge of security technologies and the security risks of technology platforms: Linux/Ubuntu, Microsoft technologies, infrastructure, and application security (secure SDLC, shift left).
  • 7-10 years of relevant experience in a SaaS product company, in customer-facing roles in Information Security RFx, Third Party Security Assessments, Audits, and Security and Privacy focussed discussions.
  • Exceptional communication skills, both verbally and in writing, to technical and non-technical audiences of various levels within SirionLabs or outside the organization (executives, regulators, clients, etc.).
  • Deft understanding and implementation of information security standards and compliance, such as ISO 27001, SOC 2, NIST 800-53, FedRAMP, IRAP, etc., and privacy regulations like GDPR, CCPA, etc.
  • Experience in managing & implementing privacy controls related to GDPR, conducting Privacy Impact Assessments (PIA), developing privacy policies and procedures.
  • Ability to articulate, understand and map the client information security requirements to the organisational policies and procedures.
  • BCP/DR Planning and Coordination

Organizational skills:

  • High focus on Quality, Timeliness & Customer Delight
  • Self-driven and initiator
  • Highly effective cross functional (Pre-Sales, Sales, Legal, etc.) collaborator
  • Ability to multi-task effectively and work under pressure
  • Relationship and trust-based information security program (not authority based)
  • Task finisher

Tags: Application security Audits AWS Azure CCPA CIPP CISA CISSP Cloud Compliance Computer Science CRISC DevOps FedRAMP GDPR HIPAA ISMS ISO 27001 Linux Microservices NIST Privacy Risk assessment SaaS SDLC Security assessment SOC 2 Ubuntu

Region: Asia/Pacific
Country: India