Associate Lead Information Security

Quantiphi is an award-winning AI-first digital engineering company driven by the desire to reimagine & realize transformational opportunities at the heart of the business.

We are passionate about our customers & obsessed with problem-solving to make products smarter, customer experiences frictionless, processes autonomous & businesses safer.

We put together a wide array of solutions that help businesses build AI products, find & retain high-value customers, improve operating efficiency & reduce risk across several industries including but not limited to Healthcare, Insurance, Media, Retail, Manufacturing, & Consumer Products & are in partnership with Nvidia, Google Cloud, AWS, Looker, Snowflake, SAP & Tensorflow.

Job Description:

Manage ISMS and lead technology risk and compliance initiatives within the GRC domain.

Key Responsibilities:

Experience in IT audits, cybersecurity, or risk assessments is highly advantageous.

Strong understanding of information security.

Perform vendor/supplier InfoSec audit and third party vendor risk assessments.

Address regulatory compliance needs in technology risk.

Draft compliance reports, summarize findings, and coordinate remediation.

Comfortable identifying issues, assessing risks, and developing practical remediation plans.

Developing and refining GRC policies, procedures, and frameworks to ensure alignment with organizational goals, regulatory requirements, and industry standards.

Monitoring regulatory requirements and ensuring the organization's activities comply with applicable laws, regulations, and standards. This includes overseeing compliance audits and assessments.

In-depth knowledge of cybersecurity GRC frameworks, regulations, and industry best practices (e.g., ISO 27001, NIST Cybersecurity Framework, etc).

Good communication and presentation skills, enabling you to articulate complex cybersecurity concepts to both technical and non-technical stakeholders.

Extensive experience in risk assessment, compliance management, governance support.

Proficiency in utilizing industry-standard GRC security tools, technologies, and methodologies.

Information and privacy trainings and awareness across the organization thru conventional, online trainings and phishing simulations

Outstanding problem-solving skills and a strategic, analytical mindset, and be able to decipher the complex GRC landscapes.

Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degrees or certifications (e.g., CISSP, CISM, CISA, and ISO) are highly desirable.

4 years of Information security and/or privacy experience