Information Security Specialist Job in Mindtickle

Position Responsibility Serve as the main point of contact for sales and customer teams regarding security, privacy, and compliance topics, communicating with customers and prospects through RFPs, emails, or calls. Collaborate closely with privacy, internal governance, and audit teams to gather necessary information related to compliance and controls. Work with engineering, business applications, legal, and other teams as required to fulfill customer, prospect, or third-party compliance requirements. Review customer/prospect questionnaires and security addendums, providing/building necessary information, collaterals, and resources. Maintain information security reports, RFP knowledge base, and security assets for the security due diligence process. Conduct security due diligence on new third parties and perform periodic risk reviews of existing third parties. Work flexibly across all teams in the organization, driving security RFP and third-party Risk management projects, including sales, customer success, product, and engineering. Own the third-party risk management process, including planning, scoping, needs analysis, ongoing project management, and communication with stakeholders. Utilize existing RFP management tools to maintain the knowledge base in line with changing customer needs, global standards, product releases, and updates. Undertake any other reasonable and related tasks associated with the role. Minimum Qualifications 4-6 years of experience in information security and compliance, with exposure to cloud software platforms. Extensive experience in handling customer security queries, including RFPs, questionnaires, security architecture reviews, and data protection evaluations. Strong understanding of cloud governance and technology security controls covered in SOC2, ISO 27001, NIST, HIPAA, CSA STAR, CIS, etc. Preferred certifications include CISSP, CISM, CISA, CRISC, CCSP, CEH, ISO 27001,etc. Excellent communication, interpersonal, project management, and issue-resolution skills. Strong analytical and organizational skills, with the ability to work effectively as part of a team. Experience in managing third-party risk evaluation and management processes. Demonstrated ability to learn quickly, take initiative, and drive complex projects.