What is Contentstack
Contentstack, the leading Composable Digital Experience Platform (DXP) provider, empowers marketers and developers to deliver composable digital experiences at the speed of their imagination. Companies such as ASICS, Chase, Steve Madden, Holiday Inn, Icelandair, Mattel, Mitsubishi, Riot Games, and Shell trust Contentstack to power their most critical content experiences with uncompromising scale and dependability. Known for its Care Without Compromise program, Contentstack has achieved the industry's highest customer satisfaction rating. Contentstack is also a founding member of the MACH Alliance, advocating for best-of-breed composable technology that is Microservices-based, API-first, Cloud-native SaaS, and Headless. Learn more at www.contentstack.com.
Who Are We
At Contentstack we are more than colleagues, we are a tribe. Our vision is to pursue equity among our communities, employees, partners, and customers. We are global-diverse yet close; distributed yet connected. We are dreamers and dreammakers who challenge the status quo. We do the right thing, even when no one is watching. We are curious trendspotters and brave trendsetters. Our mission is to make Contentstack indispensable for organizations to tell their stories and to connect with the people they care about through inspiring, modern experiences. We care deeply about our customers and the communities we serve. #OneTeamOneDream. Chalo, let's go!
What Are We Looking For
Contentstack is looking for a Senior Internal Security Auditor II.
Overview:
The Senior Internal Security Auditor is responsible for maintaining and enhancing Contentstack's security posture by conducting comprehensive audits and assessments. This role requires a deep understanding of security and control frameworks, such as SOC2, NIST, and ISO27001, their effective implementation, and the ability to translate complex technical information into actionable recommendations. The ideal candidate will be a strategic thinker with strong analytical skills and a proven track record in identifying and mitigating security risks.
Responsibilities:
- SOC2 and ISO27001 Compliance: Oversee the ongoing maintenance of SOC2 and ISO27001 certifications. Coordinate external audits and assessments to ensure compliance with relevant standards and regulations.
- Internal Control Effectiveness: Monitor and evaluate the effectiveness of internal controls related to information security. Identify control gaps and recommend enhancements to strengthen the overall security posture.
- Technical Evaluation: Evaluate technical evidence provided by internal teams, ensuring it aligns with audit objectives and industry standards.
- Audit Planning and Execution: Develop and execute audit plans, including defining objectives, scope, and methodology.
- Report Writing and Communication: Prepare clear and concise audit reports, summarizing findings, recommendations, and action plans. Communicate effectively with both technical and non-technical stakeholders.
- Continuous Improvement: Stay up-to-date on industry best practices, emerging threats, and regulatory changes. Recommend process improvements to enhance audit efficiency and effectiveness.
- Risk Assessment and Mitigation: Assist in conducting risk assessments to identify potential threats and vulnerabilities. Aid in the development and implementation of risk mitigation strategies to protect information and systems.
- Customer Audits: When necessary, manage and coordinate customer audits, providing necessary documentation and support. Collaborate with cross-functional teams to address audit findings and implement corrective actions.
- GRC Tool Utilization: Leverage GRC tools to manage audit workflows, evidence collection, and reporting.
Qualifications:
- Minimum of 8 years of experience in information security auditing and compliance.
Location: Pune/Mumbai/Bangalore
What Do We Offer
Interesting Work | We hire curious trendspotters and brave trendsetters. This is NOT your boring, routine, cushy, rest-and-vest corporate job. This is the challenge-yourself role where you learn something new every day, never stop growing, and have fun while you're doing it.
Tribe Vibe | We are more than colleagues, we are a tribe. We have a strict no a**hole policy and enforce it diligently. This means we spend time together - with spontaneous office happy hours, organized outings, and community volunteer opportunities. We are a diverse and distributed team, but we like to stay connected.
Bragging Rights | We are dreamers and dream makers. Our efforts pay off and we work with the most prestigious brands, from big-name retailers to airlines, to professional sports teams. Your contribution will make an impact with many of the most recognizable names in almost every industry including ASICS, Chase, Steve Madden, Holiday Inn, Icelandair, Mattel, Mitsubishi, Riot Games, Shell, and many more!
One Team One Dream | This is one of our values, and it shows. We don't believe in artificial hierarchies. If you're part of the tribe, you have an opportunity to contribute. Your voice will be heard and you will also receive regular updates about the business and its performance. Which, btw, is through the roof, so it's a great time to be joining