SirionLabs is the leading provider of enterprise SaaS products that leverage automation and advanced analytics to enable effective post-signature management of complex services engagements (e.g. ITO and BPO) for buyers and suppliers.
SirionLabs, a SaaS product firm, is looking for people who, simply put, are driven to make a difference.
SirionLabs is a growth stage company building breakthrough technology in Contract Lifecycle Management. We are hosted on AWS, using Aurora, Redshift and Lambda, and our products are built on Java, C#, Golang, Angular, MongoDB and Postgres.
We make data speak for itself by ingesting large volumes of machine data, support data and complex enterprise data sets. We rely on NLP (CoreNLP), neural networks and machine learning to improve operational efficiency and for predictive analysis.
We are a team of high energy individuals who revel in a rapid-pace, agile product development environment. We aim to build path-breaking, context-aware products that solve meaningful and complex problems. In doing so, we hope to put Indian engineering on the world map. So, if these are the ideals that excite you, there is definitely a place for you at SirionLabs!
Job Role: Associate/Analyst/Senior Analyst - Information Security
Years of Experience required: 7-10 years
Work Location: Gurgaon
Job Profile
Define, implement and maintain the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in compliance with frameworks, standards and regulations such as ISO 27001, 22301, 27701, 27018 and 31000, Service Organization Control (SOC) reporting, SSAE 16, the General Data Protection Regulation (GDPR), Privacy Shield, the Australian Data Protection Act, SOX, NIST and Cyber Essentials (UK)
Develop and maintain the Unified Controls Framework, the single repository of controls SirionLabs operates in order to align with organizational information security policies and with the industry standards and regulations applicable to the company and its customers
Plan and execute periodic risk assessments using an ISO 27001 and ISO 31000 based risk assessment and management methodology
Maintain SOC 1 and SOC 2 compliance, monitor and report control effectiveness, and manage the audit process
Define, review and maintain the organizational information security policies, processes, procedures and control framework in line with the ISO 27001:2013 standard and best practices, ensuring they remain adequate to address emerging risks arising from changes in the environment and technology
Align customer and internal information security objectives to the ISMS and PIMS
Respond to RFx (RFI/RFP) documents from prospects and customers of SirionLabs, and support calls with prospects and customers on security-related questions
Respond to information security assessments performed by SirionLabs customers
Monitor and fulfill client contractual (MSA) information security obligations
Work with internal stakeholders (Engineering, DevOps, Product, Finance, HR, Admin, IT) to implement controls for their respective functions and to ensure the continued operating effectiveness of those controls
Prepare periodic metrics-based reports and dashboards, with input from the stakeholder functions, for management review
Assess and review customer and vendor contracts and agreements for information security related clauses and requirements
Liaise with security vendors, suppliers, service providers and external resources to evaluate new security tools for improving security
Lead information security audits, assessments and remediation of Sirion's third-party vendors and suppliers, and present key risks to management
Perform third-party risk management (TPRM) assessments of critical vendors
Conduct information security awareness and training programs for employees, both at induction and on a recurring basis
Oversee information security incident management process for incident reporting, containment, resolution and root cause analysis
Plan and coordinate BCP and DR tests
Conduct periodic information security review meetings with ISMS working group
Work with Engineering and DevOps teams on technical implementations, and preferably be able to perform hands-on system-related technical tasks as and when required (a candidate with prior IT, AWS and security administration experience is preferred)
Requirements
Educational qualifications and certifications:
BE / B.Tech / BSc in Computer Science with an active CISSP, CISA or CRISC certification
Expertise/experience
ISO 27001, SOC and ISO 31000 based risk assessment and management methodology
Implementation of ISO 27001, SSAE 16/SOC and NIST requirements
Privacy regulations
Information security support in a customer facing environment
Managing ISMS and compliance to Privacy Regulations
Security incident management, BCP DR planning and coordination
Client and Vendor security management practices
Performing and undergoing audits
Designing action plans to address control weaknesses
Experience in one or more of Linux, Microsoft, Cisco and security technologies
Experience implementing or auditing cloud security controls (preferably on AWS)
Organizational skills:
Self-driven and initiator
Ability to multi-task effectively and work under pressure
Runs an information security program built on relationships and trust rather than on authority
Task finisher