Compliance Specialist

Bengaluru, Karnataka, India | SignEasy | Full-time | Fully remote


Join Signeasy, and contribute to a paperless world
Signeasy is a leading eSignature company that offers an easy-to-use, cross-platform and cloud-based eSignature and document transaction management solution for businesses. Over 160,000 customers in 55,000 companies worldwide use Signeasy to digitize and streamline business workflows. We have collectively nurtured an environment that challenges us to be creative, while giving us the opportunity to work on products that have received multiple accolades on the global stage from the biggest technology platforms, such as Apple, Google and Microsoft.

Signeasy is a Great Places To Work certified organization with Glassdoor ratings at 4.5* consistently.

Role overview:
The prime responsibilities of the Compliance Specialist role are to identify, quantify and proactively address security issues and changes in the business's risk profile. The specialist will be responsible for the overall security of data, systems and applications; will focus on improving the end-to-end risk posture; and will ensure appropriate controls are implemented across the technology landscape so that the business operates within its risk appetite. This includes a risk-based approach that enables security from the start, during the adoption of emerging technology and application development. The specialist will be expected to drive effective risk and controls management and support the business by identifying control weaknesses through gap analysis, recommending security improvements, articulating the business impact and associated risk, and educating the business on proactive remediation measures.

Responsibilities:

  • Governance, risk and compliance. Oversee the information security programs, including data protection, risk management, and compliance testing.
  • Lead compliance-related activities by planning, driving and implementing controls and procedures with respect to compliance.
  • Develop, maintain and publish corporate information security standards, procedures and guidelines and contribute to the design, implementation or continual improvement of programs focused on user awareness, compliance monitoring, and information security.
  • Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organisational cyber activities.
  • Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
  • Monitor advancements in information privacy laws to ensure organisational adaptation and compliance.
  • Manage compliance testing and monitoring of current and future regulatory obligations and other regulatory matters as required.
  • Conduct internal security risk assessments and security compliance audits.
  • Establish IT security audit procedures relevant to different industry standards including SOC2, ISO27001 and work with external auditors to meet the certification requirements.
  • Work with external auditors to meet the audit requirements.
  • Work with teams in various departments and get adherence to compliance and manage risks.
  • Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
  • Develop and maintain a vendor security and compliance program.
  • Arrange third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery.
  • Ensure technology risk impacting the business is effectively identified, quantified, communicated and managed, including recommendations for resolution and identifying the root cause/key themes.
  • Embed threat modelling, solutions architecture, secure code review into product and application teams so they are secure from the start and compliant with risk policies and regulatory obligations.
  • Serve as a point of escalation and subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, cloud and application security.
  • Partner with Third Party Oversight teams to ensure effective technology risk management of vendors with a focus on Cloud computing / emerging technologies.
  • Interface with Lead ISMs, Technology Leadership and Application Development teams on an ongoing basis for business as usual risk activities, reporting and project initiatives.
  • Serve as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promote a culture of security throughout the company.

Preferred Experience:

  • 5+ years of experience in Security and/or Risk Management and/or Corporate Technology with an aptitude in application and platform security.
  • Strong written and verbal communication skills with the ability to effectively communicate and present security risk concepts to business and technology partners.
  • Knowledge of regulations like GDPR and HIPAA, and certifications like SOC2, ISO and CFR 11.
  • Strong personal leadership, collaboration, bias for action and experience working within fast-paced, complex and high-performing Digital/Agile/Scaled teams.
  • Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.
  • Applicable working experience designing and implementing cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered by public cloud service providers (e.g., AWS, Google Cloud).
  • Applicable working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security).
  • Preferable: certification in public cloud technology from one of the major cloud service providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect).
  • Preferable: experience in multiple modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration).
  • Preferable: experience in the Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modelling, static code analysis, and dynamic application scanning).
  • Background in Quality Assurance is preferred.
  • Preferable: experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry-recognized best practices / standards (e.g. NIST, ISO, PCI, SOC).

Why work with Signeasy:
Our people are our biggest assets. You will be working alongside some of the smartest, most humble people across the globe who come from diverse backgrounds and come with unparalleled experiences. We are a remote-first organization that believes in employee safety first, offering flexibility in timings and the ability to work from anywhere in the world.

You can also look forward to: Generous sick leave and an open-door culture | Fully paid annual company offsites | MacBooks for all, including interns and temps | Home office set-up assistance | Medical insurance benefits for self and family | Sponsorship for career enrichment programs | 100% paperless employee experience | Regular office treats and perks on the house

Hear what it is like to work for Signeasy: https://www.youtube.com/watch?v=oCY-rCTODbw
Meet Signeasy's leadership and core team: https://rb.gy/ftyfkw
Read our origin story: https://rb.gy/azsda0
Take a peek at Signeasy's culture: https://rb.gy/nvra6o/
Learn more about growth at Signeasy: https://signeasy.com/jobs/