
SirionLabs is the leading provider of enterprise SaaS products that leverage automation and advanced analytics to enable effective post-signature management of complex services engagements (e.g. ITO and BPO) for buyers and suppliers.

Manager - Information Security - 141220
Gurgaon, IN
Job Description / Skills Required

SirionLabs, a SaaS product firm, is looking for people who, simply put, are driven to make a difference.

SirionLabs is a growth stage company building breakthrough technology in Contract Lifecycle Management. We are hosted on AWS utilizing Aurora, Redshift, Lambda and are built on Java, C#, Golang, Angular, MongoDB and Postgres.

We make data speak for itself by ingesting large volumes of machine data, support data and complex enterprise data sets. We rely on NLP (coreNLP), Neuralnets and Machine Learning technologies to improve operational efficiency and for predictive analysis.

We are a team of high energy individuals who revel in a rapid-pace, agile product development environment. We aim to build path-breaking, context-aware products that solve meaningful and complex problems. In doing so, we hope to put Indian engineering on the world map. So, if these are the ideals that excite you, there is definitely a place for you at SirionLabs!


Job Role: Associate/Analyst/Senior Analyst - Information Security

Years of Experience required: 7-10 years

Work Location: Gurgaon

Job Profile

Define, implement, and maintain the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in compliance with frameworks, standards and regulations such as ISO 27001, 22301, 27701, 27018, 31000, Service Organization Controls (SOC), SSAE 16, General Data Protection Regulation (GDPR), Privacy Shield, Australian Data Protection Act, SOX, NIST and Cyber Essentials (UK).

Develop and maintain the Unified Controls Framework that acts as a single repository of controls for SirionLabs to operate in order to align with organization information security policies, industry standards and regulations applicable to the company and its customers

Plan and execute periodic risk assessments using an ISO 27001 and ISO 31000 based risk assessment and management methodology.

Maintain SOC 1 & 2 compliance, monitor & report effectiveness, manage the audit process

Define, review and maintain the organizational information security policies, processes, procedures and control framework in line with the ISO 27001:2013 standard and best practices, ensuring they remain adequate to address emerging risks from a changing environment and technology.

Align customer and internal information security objectives to the ISMS and PIMS

Respond to RFx requests from prospects and customers of SirionLabs and support calls with prospects and customers on security-related questions.

Respond to information security assessments performed by SirionLabs customers

Monitor and fulfill client contractual (MSA) information security obligations

Work with internal stakeholders such as Engineering, DevOps, Product, Finance, HR, Admin, IT for implementing controls for the respective functions and ensuring the continuous operating effectiveness of the controls

Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review

Assess and review the contracts / agreements of customers and vendors for information security related clauses/ requirements

Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security.

Lead the Information Security audits / assessments / remediation of Sirion third party vendors / suppliers and present key risks to the management

Perform third-party risk management (TPRM) assessments of critical vendors.

Conduct Information Security awareness and training programs for the employees as part of their induction and regular awareness

Oversee information security incident management process for incident reporting, containment, resolution and root cause analysis

Plan and co-ordinate BCP and DR tests

Conduct periodic information security review meetings with ISMS working group

Work with Engineering and DevOps teams on technical implementations, and preferably be able to perform hands-on system-related technical tasks as and when required (a candidate with past IT, AWS and security administration experience is preferred).


Educational qualifications and certifications:

BE / B. Tech / BSc Computer Science with active CISSP / CISA / CRISC


Experience in ISO 27001, SOC and ISO 31000 based risk assessment and management methodology

Implementation of ISO 27001, SSAE 16/SOC, NIST requirements

Privacy regulations

Information security support in a customer facing environment

Managing ISMS and compliance to Privacy Regulations

Security incident management, BCP DR planning and coordination

Client and Vendor security management practices

Performing and facing audits

Experience in action plan designs for control weaknesses

Experience in one or more of Linux, Microsoft, Cisco and Security technologies

Experience of implementing/auditing cloud security controls (preferably AWS)

Organizational skills:

Self-driven and initiator

Ability to multi-task effectively and work under pressure

Relationship and trust-based information security program (not authority based)

Task finisher