GRC Analyst - Information Security

yellow.ai in Bengaluru, India

yellow.ai brings the best of AI+human-led conversational automation for enterprises of great repute like Schlumberger, Domino’s, Dr. Reddy’s Lab, PepsiCo, Bajaj Group, Indigo, Cipla, Siemens, MG Motors, and more. We have offices in 6 countries and have clients across 27 countries.

We’re a team of 900+ makers who’ve shipped 650+ Intelligent Virtual Assistants. Our Virtual Assistants converse in over 120 languages, and our platform handles more than a billion conversations every month across 50+ channels in text and voice!

We’re also named Leading conversational AI Platform, Distinguished CX Vendor, and Advanced Virtual Assistant Provider by Gartner. They’re really critical and meet 1000+ Conversational AI Platforms. We’re thrilled to be recognized by them!

We’re one of the fastest growing SaaS leaders emerging from Asia and are backed on this journey with more than $100M in funding so far by partners like Lightspeed, Sapphire Ventures, WestBridge Capital and Salesforce Ventures. We were also recently honoured as one of the top 10 companies to work at by ‘#LinkedinTopStartups’ and received a ‘Great Place to Work at’ certification.

The purpose of this position is to provide highly skilled technical and Information Security expertise for development and implementation of the Information Security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
If you have any questions about the company, the role or the process, write to us at careers@yellow.ai

yellow.ai provides Equal Employment Opportunity to all employees and applicants for employment without regard to race, color, religion, gender identity or expression, sex, sexual orientation, national origin, age, disability, genetic information, marital status in accordance with applicable federal, state and local laws.
    • Governance, Risk & Compliance resource with extensive experience in multiple domains of Information Security.
    • Experienced in client & program management.
    • Working knowledge in Vulnerability Assessment, Penetration Testing & Application Security Assessment.
    • Handles Vulnerability Management for entire organisation.
    • Assist organisation in internal compliance for ISO 27001, SOC2, GDPR, HIPAA, PCI DSS, NIST, etc.
    • Support in fulfilling vendor risk assessment requirements from clients of yellow.ai.
    • Assist in Risk assessment & management.
    • Assist in policies review and updates.
    • Assist in Change Management reviews.
    • Provide support in Exception management.
    • Understanding of secure development processes, S-SDLC etc.
    • Well versed in regulatory cybersecurity compliance and technical cybersecurity operations.
    • Has thorough understanding of infrastructure, application & technology stack.
    • Manages ongoing projects & stakeholder communication.
    • Prepares monthly dashboards, statistics & executive reports for Leadership.
    • Conducts relevant internal trainings, exercises, discussions etc.
    • Provides relevant subject matter expertise in cybersecurity matters.
    • Quarterly awareness trainings to be conducted.
    • Advanced IT skills with high level of Information Security experience and expertise.
    • Graduation Degree from an accredited University. Specialisation no bar.
    • Knowledge of Information Security risk management frameworks and compliance practices.
    • Knowledge of securing network technologies, client, and server operating systems.
    • Ability to develop security standards and guidelines based on best practices and industry standards.
    • Experience responding to, analyzing, and communicating information security incidents.
    • 1-3 years of planning and managing security projects.
    • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
    • Understanding of common security standards and regulations relating to a higher education environment (e.g., PCI DSS, HIPAA, ISO2700x, NIST, etc.)
    • Must be well versed with laws affecting the higher education environment in the following areas:
      - Privacy
      - Health Care
      - Finance
      - Research
      - Compliance
      - Local & Global Regulations