Senior Manager Information Security

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com. If required for this role, you will: - Complete security & privacy literacy and awareness training during onboarding and annually thereafter - Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to): > Data Classification, Retention & Handling Policy > Incident Response Policy/Procedures > Business Continuity/Disaster Recovery Policy/Procedures > Mobile Device Policy > Account Management Policy > Access Control Policy > Personnel Security Policy > Privacy Policy Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us! Saviynt is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. country: IN all locations: [Bengaluru] commitment: department: InfoSec location: Bengaluru team: Information Security WHAT YOU WILL BE DOING: Serve as the Governance POC both internally and externally. Identify governance or compliance requirements, assess risks, review required forms, and serve as liaison across cross functional teams to help achieve Info Sec objectives. Maintain compliance calendar and be accountable for the execution of various compliance assessments throughout the year, including but not limited to ISO 27001, FedRamp, PCI-DSSS, SOC 1, SOC 2. Have a working knowledge of the NIST CSF and RMF frameworks Support customer requests as they pertain to Compliance queries and to other Information Security questions, with the support of technical Info Sec members Develop and update Policies, Standards and Procedures per the organization’s policy framework Establish and lead risk management activities, including identification of risk and recommended mitigations; track and manage risks and issues from identification through closure. Establish and maintain appropriate metrics that will help measure the GRC posture of the company  Collaborate with key stakeholders to ensure successful execution of mission and business needs. Execute on GRC initiatives as defined within the security roadmap, while working with the broader Information Security team and technology teams Conduct risk assessments, compile risk registers, and track risk remediation plans Respond to requests from customers for information on our security measures Completing vendor security reviews. Optimize and automate security questionnaire process. Review security clauses in customer and vendor contracts Establish, review, and enhance security training and awareness programs Support the business with customer engagements, including attending customer calls and supporting sales teams WHAT YOU BRING: Bachelor’s degree with a minimum of 8 years of experience Knowledge of risk management processes and requirements, including NIST RMF and NIST 800-53 Rev 5 controls Experience managing Agile projects with a focus on duties related to Product Owner Experience developing executive level presentations to support Governance and broader Information Security updates to appropriate audiences Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures. Requires sufficient technical background to be able to interpret audit and compliance requirements Ability to provide excellent written and oral communications by email, presentations, and mobile communication platforms (including: experience facilitating discussions, briefing senior managers, and conducting project meetings). Experience supervising or managing an Agile project team. Work on multiple projects and tasks concurrently Experience defining project scope and objectives, developing detailed work products (schedules, status reports, etc.), conducting project meetings, and owning responsibility for project tracking and analysis. Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy Flexible and collaborative approach to enabling and supporting the business Strong stakeholder and relationship management skills