Information Security Auditor ensuring Nextiva’s compliance with global security and privacy regulations. Collaborating with teams to monitor compliance and lead audits effectively.
Responsibilities
Assess compliance of the organization to industry standards, security frameworks, and privacy regulations.
Review and update security and privacy policies and procedures to ensure consistency with new and evolving requirements.
Plan and conduct internal audits of the design and effectiveness of the organization’s security and privacy controls, policies, processes and procedures.
Document audit findings, identify and report gaps and risks in controls, and lead remediation efforts.
Support external audits by working with the auditor and internal asset, process, and control owners to gather and submit evidence for compliance.
Keep up to date with changes in security frameworks, regulatory changes, and commercial requirements that affect the organization’s compliance, including all countries where Nextiva provides, or intends to provide, service.
Work with product development teams, infrastructure, and other parts of the organization to define policies and procedures, implement remediation plans, and monitor compliance.
Effectively use available AI tools to plan and conduct audits, develop policies and procedures, and document audits.
Perform other duties to support the security and compliance of the organization as required.
Comply with organization information security policies.
Requirements
Bachelor’s degree in an IT-related field or equivalent experience and 4-6 years of experience working in IT security, software development, or IT or information security audit.
Strong knowledge of IT infrastructure and networking, including data center infrastructure, cloud infrastructure (GCP and AWS), IP networking, firewalls, IDS/IPS and endpoint security tools, backup and recovery, identity and access management, application security, and SIEM tools.
Understanding of security and privacy frameworks and regulations, including SOC 2, ISO-27001, UK Cyber Essentials, NIST, NIS2, HITRUST, PCI-DSS, HIPAA, GDPR, and CPRA.
Desired certifications – one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+.
Flexibility to work extended hours and off-hours to support global project teams.
Benefits
Medical - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR.
Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means.
Work-Life Balance - 15 days of Privilege leave per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. 26 weeks of paid Maternity leave, 1 week of Paternity leave, a day off on your Birthday, and paid holidays.
Financial Security - Provident Fund & Gratuity.
Wellness - Employee Assistance Program and comprehensive wellness initiatives.
Growth - Access to ongoing learning and development opportunities and career advancement.
Senior Product Manager leading the strategy and development of ESET's Identity Security portfolio. Driving innovation across identity protection areas helping organizations secure identities and access.
Health & Safety Coordinator ensuring safety standards in construction projects for multinational tech client. Fostering strong preventive culture in compliance with Spanish legislation.
Cybersecurity Intern participating in business transformation projects for major industries. Engaging in Cybersecurity Risk Assessment and developing innovative solutions in the IT sector.
Account Specialist managing sales and client relationships for security solutions in the public sector. Conducting market research and focusing on contract renewals and compliance in Australia.
Security Supervisor providing comprehensive safety services across Nord Anglia International School campus. Leading security team to ensure operational and Health and Safety compliance while mitigating risks.
Security Officer ensuring safety and compliance at WarHorse Gaming in Lincoln, NE. Monitoring premises, responding to incidents, and assisting guests and team members.
Security Supervisor overseeing loss prevention and security operations at WarHorse Gaming Lincoln casino. Ensuring a safe environment for guests and team members while upholding regulatory requirements.
Occupational Safety Consultant at Votorantim Cimentos consolidating safety measures and PPE management. Managing processes and compliance in occupational safety with a focus on excellence.
Coordination role for Health and Safety in Underground Mine at Atlantic Nickel in Itagibá/BA. Focus on strategies for safety and health systems in underground operations.