Information Risk & Compliance Manager - Incident Management (6-10 yrs)

Role & Responsibilities

Location: Bangalore, Karnataka

Experience Level: Mid-senior level

Your work will help provide a secure and safe product for Wysa's global users in need of Mental Health support.

In this role, you will get to put in place robust organisational, technical and administrative safeguards for the organisation.

You will bring strong risk management, incident handling and response management, third-party risk management skillsets to raise the compliance maturity within the organisation.

The role will primarily be that of an individual contributor with hands-on contribution, execution abilities and people skills.

You will report to the head of compliance. You will have the opportunity to lead, mentor and guide lean teams.

You will support Wysa and its compliance objectives:

1. Staying Compliant

• Enforce Information security, privacy and compliance policies and practices.
• Monitor and manage information risks including third-party risk management.
• Own incident and breach handling and response.
• Own internal and external audits and maintain region based compliance and certification needs.
• Organize and enforce document and records management.
• Lead business continuity and disaster recovery risk initiatives.

• Execute compliance strategy and roadmap aligned to organization business objectives.
• Participate in customer and vendor contract reviews, track and manage contractual risks.
• Measure Information security and compliance objectives and report metrics.
• Work with business to respond to customer Information security and compliance requirements.
• Handle client and user requests, complaints and grievances.
• Participate in budgeting activities and controls.

• Build awareness and a risk culture within the organization.
• Design, improve and automate processes. Bring in new ideas and creative working.
• Monitor, research and prepare for changing global threat, vulnerability and regulatory landscape.
• Involve in healthcare based compliance priorities- safety, quality, accessibility, medical devices.
• Lead and execute Information security, privacy and compliance projects.
• Foster Competency and skill development within the compliance function.

• Total 6 to 8 years of relevant experience in cybersecurity and privacy protection.
• A solution-provider with quick decision taking abilities.
• Deep privacy based knowledge, capability and skills.
• Experience in security and breach incident handling and response
• Experience in risk Management practices and third-party risk management
• Experience in complying with EU and UK laws including GDPR, USA HIPAA and privacy laws.
• Experience implementing and complying to ISO 27001:2022, ISO 27701:2019 or alternate.
• Project management/organizational and planning skills.
• Proficiency with MS Office and Google Workspace suite of applications.

• Exposure to SOC2, OWASP, NIST, CERT-IN frameworks.
• Experience supporting compliance for Artificial Intelligence technologies.
• Experience and knowledge in forensic investigations.
• Experience working in a fast-paced digital technology startup.
• Experience working with customers, third-party security consultants and auditors.