Lead Security Consultant - Anchanto Pune, Maharashtra, India

Listing Description

Play a critical role in Data Privacy Risk Management, Compliance Programs and Information Security initiatives for a global SaaS tech company


About Anchanto:


Enabling Simpler, Faster and Scalable eCommerce Operations, our mission is to simplify backend eCommerce operations for businesses of all sizes through our innovative & intelligent SaaS platforms. We aim to transform the way businesses conduct eCommerce in the region, while aggressively moving towards becoming the most customer-centric company in our domain.


Our offices are spread across Singapore, Kuala Lumpur (Malaysia), Jakarta (Indonesia), Manila (Philippines), Sydney (Australia), Bangkok (Thailand), Seoul (South Korea), and Pune (India). Our diverse and multicultural fabric is woven in a way that each Anchanter gets complete freedom and opportunity to realize & explore his/her full potential.


We pride ourselves in building awesome & powerful products that have the potential to change the way businesses perceive eCommerce management. We believe in delivering anchanting experiences and aim to become the #1 customer-centric company in our domain.


The Role:


As a Lead Consultant, you will focus on supporting the information security and data privacy risk and compliance program, including security efforts to acquire and maintain industry certifications such as ISO 27001, SOC2, GDPR etc. You will support initiatives to define and implement technical compliance capabilities and to provide transparency to customers, prospects, and other stakeholders.


You will work closely with the engineering, product, legal, customer success, marketing, and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance.


Reporting to the Head of Compliance & Information Security, you will facilitate the development and implementation of policies and procedures, organizational privacy & Infosec training, oversight of the ISO 27001 & privacy compliance program, and incident monitoring, to name a few. You will have experience with various compliance frameworks and industry certifications such as ISO 27001, SOC2, GDPR; be able to effectively interpret and communicate the Infosec & privacy requirements to internal stakeholders and teams; and produce actionable plans to meet Infosec & privacy regulations. In this role, you will be involved in sustaining the ISO & Privacy compliance programs by working collaboratively with internal teams, SMEs, external customers, vendors, auditors, and other stakeholders.


Essential Duties & Responsibilities:



  • Designing and maintaining a global Information Security (InfoSec) & Data Privacy compliance program for Anchanto

  • Create and own documentation to provide transparency to customers, prospects, and other stakeholders from time to time

  • Collaborate cross-functionally with technology and business stakeholders to drive, track, maintain, and resolve all aspects of InfoSec & Data Privacy compliance readiness and procedures

  • Maintain a system of information for security-relevant documentation and all the relevant records required by the respective standards and compliance guidelines

  • Participate in information security risk assessments; identify, investigate, and document potential security exposures; propose control activities or solutions to mitigate risk including compensating controls; assist implementing approved procedures and products

  • Identify and evaluate risks to technology and architecture to ensure security and compliance with corporate policies, standards, and applicable frameworks and regulatory requirements; collaborate with business to implement controls and secure solutions

  • Participate in Third Party Risk Management (TPRM) for critical and non-critical vendors and provide guidance to the respective teams on implementation

  • Review and assess new vulnerabilities through documented process

  • Lead in the preparation of reports and presentations on compliance with relevant applicable ISO Standards & global data protection legislation and regulations

  • Prepare a variety of correspondence including letters, reports, statistics, summaries, and checklists to support the processes

  • Interface with external auditors to facilitate privacy audits end-to-end and ensure the right closure of the audit process

  • Research global data protection laws and ensure our policies and procedures are in line

  • Assist in Management of Awareness campaigns. Support and coordinate activities that foster information privacy awareness within the organization

  • Maintain industry awareness and knowledge relevant to Anchanto business and industry, in core information security & risk topics by participating in professional associations, attending educational workshops, reviewing professional publications, and self-learning opportunities

  • Conduct relevant and timely trainings with different functions in the organization to keep everyone abreast with the developments in the industry and most importantly the developments and achievements by the company for these compliances and standards

  • Review and respond to customer questionnaires related to Data security and Privacy, security addendums, and assist sales team with RFI and RFP work as needed


Skills, Knowledge and Ability Requirements:



  • Possess a bachelor’s degree in computer science, privacy, business, technology, data analytics or a related field

  • 6+ years’ experience in an administrator role with experience in a related area such as Information Security, Compliance, Privacy, Audit or Risk Management

  • Understanding of security controls, privacy, risk management framework and compliance models is a must

  • Experience with compliance programs like GDPR, SOC2, ISO 27001 is a must

  • Familiarity with GDPR, PDPA, International Privacy Requirements including EU Privacy

  • Demonstrate ability to deal with ambiguity and seek clarity independently, and to work effectively with remote, global teams in multiple time zones

  • Demonstrate understanding of agile and DevOps secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle

  • Familiarity with cloud architectures and platforms such as AWS/Azure/GCP

  • Ability to work professionally with internal stakeholders, external independent auditors, and customers

  • Ability to demonstrate critical thinking, problem solving, and decision making with professional poise

  • Ability to self-motivate and work independently

  • Ability to work with people from many different disciplines and cultures with varying degrees of technical aptitude

  • Attention to detail and a thorough approach to problem-solving

  • Able to quickly synthesize business and information security intersecting needs; ability to prioritize competing projects

  • Ability to work autonomously on multiple projects with a geographically distributed team

  • Certifications in information security, audit, or risk management (such as CIPM, CIPP/E, CHPS, CIPP, CISSP, CISA, CISM, ISSMP, ISO 27001 Lead Implementer or similar) – preferred but not mandatory

  • Experience performing internal or external audits

  • Delivered or helped develop an Infosec Compliance program, understand how to articulate controls, and how to design effective compensating controls where necessary


Personal Attributes



  • A high adversity quotient

  • Ability to work in a high-pressure role and juggle multiple deliverables

  • Ability to follow up & prioritize work

  • Knowledge of diverse business functions and principles 

  • Excellent written and verbal English communication skills


Benefits



  • A chance to build a career with a fast-growing global SaaS tech company

  • An opportunity to collaborate with global teams on interesting roles

  • Competitive salary package

  • Amazing work-life balance

  • Learning opportunities


Office Location


Our new office is located in Baner, Pune, and we would like this role to be based in this office.


Anchanto provides equal employment opportunity and promotes diversity, actively encouraging applicants of all backgrounds and ages, LGBTQ+ applicants, and those with disabilities to apply.

