Job Description

ZS is a place where passion changes lives. As a management consulting and technology firm focused on transforming global healthcare and beyond, our most valuable asset is our people. Here you\'ll work side-by-side with a powerful collective of thinkers and experts shaping solutions from start to finish. At ZS, we believe that making an impact demands a different approach and that\'s why here your ideas elevate actions, and here you\'ll have the freedom to define your own path and pursue cutting-edge work. We partner collaboratively with our clients to develop products that create value and deliver company results across critical areas of their business including portfolio strategy, customer insights, research and development, operational and technology transformation, marketing strategy and many more. If you dare to think differently, join us, and find a path where your passion can change lives. Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems-the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. ZS IT Support teams are aligned with the company\'s business strategy and operating model and aims to provide its 10000 plus employees and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24.7 uninterrupted high-quality technology support services. Specialist -Compliance and Audit We are currently seeking applicants for the position of Specialist - Risk Management and Audit to join our India IT Governance, Risk and Compliance team. The position will support various management directed, IT risk governance initiatives which include following job requirements: Ensure risk and control activities are completed in a timely and appropriate manner Act as SME supporting functional managers in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate Lead any Security Framework Implementation (Like ISO 27001, NIST, etc.) Provide first line of defense support in assessing risk and reviewing control issues Documentation of control procedures, standards and guidelines, etc. Report control issues and follow up on non-compliances with Functional leadership to mitigate and close the issues Co-ordinate and Track the tickets / findings in areas below to closure IT Operational Risks and Information Security Risks Control Self assessments Internal/External Audit findings with appropriate CAPA BCP / Disaster recovery Problem tickets with root cause analysis Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.) Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.) Control conformance monitoring Identification and application of required governance for risk and control issues using appropriate toolsets Generate regular reports for Senior Management Ensure that Risk and Compliance activities associated are regularly reviewed to drive continuous improvement: providing Subject advice, making recommendations and interventions as appropriate Responsibilities: Asist in prioritizing and planning risk management activities Working with Risk Lead to review, prioritize and assign identified control gaps Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc. Audit / Regulator engagement & issue management (SOC 2 Type 2, ISO 27001, etc.) Technology Infrastructure Specific Risk/Compliance Metrics reporting Control Execution / Control remediation oversight and escalation Risk acceptance / Deviation review Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route Act as SME supporting functional units in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate. Retain oversight of all active governance activity across all relevant key risks under Technology Infrastructure Operations. Create / review/ continuous update of the risk library Report and publish control issues and active non-compliances to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees. Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures Champion and lead a culture of customer service and continuous improvement ensuring that opportunities for process and service Improvements Monitor performance and identify areas for improvement Actively look for ways of smoothing peaks and troughs and reducing time scales. Qualifications: Atleast 8-10 Years of experience in Information Security Area Good Risk / Control / Compliance and Information Security skills Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security Working knowledge of group risk frameworks, policies and standards Stakeholder management Advanced Communication skills (Speaking/ Writing/Listening) CISSP / CISM / CISA/ CRISC certification preferred Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred Basic working knowledge of following (Majority of the points, if not all): COBIT - Control Objectives for Information and Related Technology ISO/IEC 27001:2013 - Code of Practice for Information Security Management NIST SP 800-53 NIST CSF SOC1/SOC2/SOC3 HIPAA/HITECH Security and Privacy Audit Protocol Shared Assessments Standard Information Gathering (SIG) framework US SOx - Sarbanes Oxley Act US HIPAA/HITECH Act EU GDPR - General Data Protection Regulation US EU Privacy Shield India Companies Act Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Considering applying At ZS, we\'re building a diverse and inclusive company where people bring their passions to inspire life-changing impact in global healthcare and beyond. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don\'t meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. ZS is committed to providing and maintaining a safe workplace. In order to keep its employees safe, ZS recommends that all its employees and contractors be fully vaccinated against COVID-19. Proof of vaccination can be voluntarily provided upon acceptance of offer of employment. NO AGENCY CALLS, PLEASE. Find Out More At:

foundit