Vultr - Privacy & TPRM Analyst, India
Requirements
• Minimum of 3-5 years of work experience in IT/Security Compliance/Audit function (or equivalent).
• Educational Qualification: Bachelor’s degree or equivalent experience.
• Proven experience in compliance, privacy, risk, business continuity, and/or IT security program management.
• Excellent written communications to internal and external audiences, including senior leadership.
• Experience collaborating with cross-functional teams, including legal, procurement, engineering, infrastructure, security, suppliers, etc.
• Ability to succeed in a team environment or work as an individual contributor
• Familiarity with the security and compliance standards/regulations, specifically SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, DPDPA, GDPR, PCI DSS and HIPAA.
• Understanding of concepts related to information security domains such as Cloud Computing, Data Privacy, Physical Security, Identity and Access Management, Encryption, Vulnerability Management, Incident Response, etc.
• Applicants must have work authorization that does not require sponsorship from the company now or in the future.
• Bonus but not required - CIPP, CTPRM or equivalent certification.
• Experience with Supplier Life Cycle Management - Vendor Contracting Process and Third-Party Risk Management Programs for Cloud providers.
• Must be able to collaborate in US time zones
• Must be able to start employment within 45 days of offer of employment
• Self-starter and requires minimal direction from leadership.
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities.
• Strong ability to negotiate with business partners to attain successful outcomes.
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time.
• Ability to present and effectively communicate with all levels of the organization.
• Flexible with the ability to multitask, effectively prioritize, and work under pressure
• Advocate of continuous improvement and industry-recognized best practice
Responsibilities
• Conduct vendor Business Impact Analysis (BIA) and Data Privacy assessments.
• Complete third-party risk assessments for all new vendors.
• Ensure third-party risk assessments include an in-depth Business Impact Analysis (BIA) and Data Protection Impact Assessment (DPIA), supporting BCP/DR and Privacy programs.
• Continually reevaluate vendors based on their criticality level to identify/document any changes that may impact Constant’s risk exposure, data privacy, mitigation strategies, etc.
• Coordinate the collection of required security assessment artifacts (e.g., audit reports, privacy policies, compliance documentation, incident response plan, disaster recovery/business continuity plans, etc.) from (new and existing) vendors periodically.
• Prioritize assessments that require technical reviews/PoC to Security Engineering.
• Prepare and monitor the status of each vendor risk assessment (software, data center, etc.) and communicate the status with key stakeholders regularly.
• Update and document due diligence tracking with real-time status and escalate issues and concerns (e.g., oversight deficiencies, program concerns, and open risk items).
• Own and update control evidence related to TPRM to ensure readiness for internal assessments and external audits.
• Document program processes and procedures to ensure all updates to the TPRM program are captured and accessible to relevant parties.
• Support the sales department in completing customer TPRM questionnaires and being the point of contact for security, governance and IT-related inquiries as needed.
• Answering queries on global data privacy processing and protection requirements from internal stakeholders.
• Escalating any potential data breaches for investigation and resolution.
• Creating and maintaining documentation, privacy notices, privacy statements, SOPs, work instructions and guidance notes in cooperation with Legal, SecOps, GRC, Trust & Safety and other teams.
• Assist in the continued development and maintenance of a comprehensive privacy program which minimizes risk and maintains the confidentiality of personal information of customers, employees and other applicable company data.
• Preparing reports on regulatory compliance as needed.