Astuto Technologies - Information Security Specialist (2-6 yrs)

About Astuto :

We are a Cloud FinOps startup focused on helping businesses save Cloud costs, avoid waste, improve efficiency, and optimize their ROI on Cloud Spend. Our vision is to build OneLens as one of the industry-leading Cloud FinOps platforms.

We have the backing of a global institutional investor and raised pre-seed funding.

Role Overview :

We are seeking a highly skilled InfoSec, Trust & Compliance Specialist to join our team. The ideal candidate will be responsible for ensuring our software products comply with all necessary regulations and standards, particularly in the Financial Services and Enterprise Software sectors. This role requires a deep understanding of various compliance frameworks and the ability to build and maintain trust with our customers.

Key Responsibilities :

Compliance Management :

- Ensure compliance with ISO 27001, ISO 27017, SOC 2, FedRAMP, NIST, and other relevant standards.

- Develop, implement, and maintain compliance policies and procedures.

- Conduct regular audits and assessments to ensure ongoing compliance.

- Prepare and manage documentation for compliance audits and certifications.

Risk Management :

- Identify, assess, and mitigate security risks related to our software products.

- Develop and implement risk management strategies and controls.

- Monitor and report on compliance and risk management activities.

Customer Trust :

- Build and maintain strong relationships with customers, ensuring they have confidence in our compliance and security measures.

- Communicate effectively with customers about our compliance efforts and security posture.

- Address customer concerns and inquiries related to compliance and security.

Strategic Planning :

- Develop a long-term, sustainable roadmap for compliance and security.

- Stay updated on industry trends and regulatory changes to ensure our compliance strategies remain current and effective.

- Collaborate with internal teams to integrate compliance requirements into product development and business processes.

Qualifications :

- Bachelor's degree in information security, Computer Science, or a related field.

- Minimum of 3-5 years of experience in information security, compliance, or a related role.

- In-depth knowledge of ISO 27001, ISO 27017, SOC 2, FedRAMP, NIST, and other relevant standards.

- Experience in the Financial Services and/or Enterprise Software sectors is highly desirable.

- Strong analytical and problem-solving skills.

- Excellent communication and interpersonal skills.

- Ability to build and maintain trust with customers and stakeholders.

- Relevant certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer) are a plus.