Title: Lead Information Security (GRC)
Location: Gurgaon, India
Job Description
Who We Are:
Fareportal is a travel technology company powering a next-generation travel concierge service. Utilizing its innovative technology and company-owned and operated global contact centers, Fareportal has built strong industry partnerships providing customers access to over 600 airlines, a million lodgings, and hundreds of car rental companies around the globe. With a portfolio of consumer travel brands including CheapOair and OneTravel, Fareportal enables consumers to book online, on mobile apps for iOS and Android, by phone, or live chat. Fareportal provides its airline partners with access to a broad customer base that books high-yielding international travel and add-on ancillaries.
Fareportal is one of the leading sellers of airline tickets in the United States. We are a progressive company that leverages technology and expertise to deliver optimal solutions for our suppliers, customers, and partners.
FAREPORTAL HIGHLIGHTS:
- Fareportal is the number 1 privately held online travel company in flight volume.
- Fareportal partners with over 600 airlines, 1 million lodgings, and hundreds of car rental companies worldwide.
- 2019 annual sales exceeded $5 billion.
- Fareportal sees over 150 million unique visitors annually to our desktop and mobile sites.
- Fareportal, with its global workforce of over 2,600 employees, is strategically positioned with 9 offices in 6 countries and headquartered in New York City.
Job Description and Responsibilities:
- Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances business objectives.
- Evaluate risks and develop/review security standards, procedures, and controls to manage risks. Improve Fareportal's security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implement processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing. Develop reporting metrics, dashboards, and evidence artifacts.
- Define and document business process responsibilities and ownership of the controls. Schedule regular assessments and testing of effectiveness and efficiency of controls and create GRC reports.
- Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, Payment Card Industry Data Security Standards (PCI DSS), ISO 27001, etc.
- Support vendor due-diligence process and review third-party contracts, SOWs, etc.
- Support internal and external audit process for relevant compliance.
- Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
Required Skills:
- CISSP, CISA or CISM certification will be an added advantage
- Knowledge of:
  - applicable information security management, governance, and compliance principles, standards, practices, laws, rules and regulations (ISO 27001, PCI DSS, GDPR, CCPA, IT Act, etc.);
  - and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
  - systems auditing, monitoring, controlling, and assessment process;
  - assessment and management methodology
- ability to consistently provide high-quality products that are concise, thorough and accurate;
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.
- Good communication and persuasive skills
- Work independently
Qualifications:
- BS/MCA/BE/BTech/M.Tech in technology-related or information security curriculum
- Prior experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management
- 3 years of relevant experience in the information security domain required
Disclaimer
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Fareportal reserves the right to change the job duties, responsibilities, expectations or requirements posted here at any time at the Company's sole discretion, with or without notice.