Security Engineer - II ( GRC ) @ Innovaccer

About The Role

We at Innovaccer are looking for an Security Engineer-II who will be responsible for Risk Assessment role in our Cyber Security Team for customer & internal activities including proprietary & public data. This role will encompass the use of a broad range of security domains (Security Questionnaires, Vendor Risk Assessment, Internal and External Audits, Writing Policies & Procedures etc.).This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains across multiple cloud platforms at a single time.

A Day in the Life

• Responding to RFPs & Security Questionnaires
• Coordinating with RFP team and Legal team on reviewing security questionnaires/exhibits, BAA/MSA queries and respond to follow-ups and customer queries
• Analyzing and updating existing compliance policies, procedures and related documentations
• Implementing privacy controls & policies
• Drive Vendor Risk Assessment & Risk Management programme
• Maintaining communication and coordinating with corporate, legal and IT teams
• Implement audit controls for external audits like SOC2 Type2, HiTrusHIPAA,t, ISO27701, etc.
• Perform third party risk assessments and work on remediation of findings
• Familiar with Regulations in United States HealthCare & Middle-East
• Coordinating with internal teams for gathering evidences and presenting it to auditor
• Identify control gaps/weaknesses and formulate action plans to address

What You Need

• Understanding of different Privacy & Compliance controls of Federal & State Regulation's
• Bachelors degree in Information Technology, Computer Science Engineering preferred
• Minimum of 3-5 years of prior experience in Information Security Risk & Compliance
• Hands-on experience on HIPAA, SOCII, ISO27001:2022, HiTrust etc.
• Familiarity of compliances like GDPR, NISTSP800-53, HiTech, FedRamp, AzRamp, MARSE, etc
• Vendor Risk Assessment, Respond to RFPs & Legal Review of Security Exhibits
• Work with Corporate compliance Team for Audits
• Good to have CISSP/CISA or other relevant certifications
• Hands-on skills in Data security controls
• Ready to take up more responsibilities along-with existing role
• Understanding of Security Architecture and proficient in immediately of data security control
• Able to work independently, being a team player, ability to work well under pressure
• Familiarization with cloud like AWS, Azure & GCP
• Able to multi task, prioritize, and manage time effectively
• Collaborates effectively and communicates efficiently
• Readily available to work with teams and clients outside India in USA & Middle-East