Searce Inc

Compliance Manager-IT Security

Pune, MH, IN

14 days ago
Summary

About Searce

Searce means ‘a fine sieve’ & indicates ‘to refine, to analyze, to improve’.

It signifies our way of working: To improve to the finest degree of excellence, ‘solving for better’ every time.

Searcians are passionate improvers & solvers who love to question the status quo.

The primary purpose of all of us, at Searce, is driving intelligent, impactful & futuristic business outcomes using new-age technology.

This purpose is driven passionately by HAPPIER people who aim to become better, every day.


Job Responsibilities:

Compliance Program Management:

  • Design, implement, and continuously monitor information security compliance programs aligned with industry standards and regulatory requirements (ISO 27001, GDPR, SOC 2, NIST, PCI DSS, HIPAA, etc.).
  • Ensure all security policies and controls are regularly reviewed and updated in line with changing regulations.

Risk Assessment and Mitigation:

  • Conduct comprehensive risk assessments to identify potential vulnerabilities, threats, and non-compliance risks.
  • Recommend and implement risk mitigation strategies and corrective actions to minimize risks and ensure ongoing compliance.

Audit and Compliance Reporting:

  • Coordinate and lead internal and external security audits, ensuring preparation and adherence to audit schedules.
  • Create detailed audit reports, documenting findings, risks, and remediation actions for senior leadership.
  • Ensure that audit findings are addressed in a timely manner.

Policy and Procedure Development:

  • Create, enforce, and update information security policies, standards, and procedures to ensure compliance with applicable regulations.
  • Regularly assess the effectiveness of policies and update them as required to improve security and compliance posture.

Training and Awareness:

  • Develop and execute ongoing employee training programs on security awareness, compliance obligations, and best practices.
  • Foster a security-first culture by educating staff on regulatory requirements, risk factors, and their role in maintaining security.

Additional Responsibilities

Incident Management and Response:

  • Collaborate with the incident response team to ensure security incidents are appropriately managed, reported, and documented in compliance with applicable regulations.
  • Contribute to post-incident analysis to identify compliance gaps and recommend improvements.

Vendor and Third-Party Compliance:

  • Oversee the security compliance of third-party vendors, ensuring they meet security requirements as per contractual agreements.
  • Conduct assessments to ensure vendors’ adherence to data protection and security policies.

Stakeholder Engagement and Communication:

  • Serve as the main point of contact for all information security compliance-related queries and concerns.
  • Collaborate with cross-functional teams, including Legal, IT, and HR, to ensure that compliance requirements are met and to promote a cohesive approach to security and risk management.

Continuous Monitoring and Improvement:

  • Stay updated on new regulatory requirements and cybersecurity threats, ensuring compliance strategies are proactive and effective.
  • Implement continuous improvement initiatives to maintain the organization's security compliance posture.

Required Skills

Technical Skills:

  • Deep understanding of information security frameworks, standards, and regulations (ISO 27001, SOC 2, PCI DSS, NIST, HIPAA, GDPR, etc.).
  • Knowledge of security tools and technologies, such as SIEM, firewalls, intrusion detection systems, DLP, encryption, IAM, and vulnerability management tools, with 7+ years of relevant experience.
  • Familiarity with cloud security environments and associated compliance challenges.
  • Experience with GRC (Governance, Risk, and Compliance) tools is a plus.


Analytical Skills:

  • Strong ability to conduct comprehensive risk assessments and identify potential security threats and vulnerabilities.
  • Proficient in analyzing audit reports and security logs to identify non-compliance issues.
