Job Description

With unmatched technology and category-defining innovation, Icertis pushes the boundaries of what\'s possible with contract lifecycle management (CLM). The AI-powered, analyst-validated Icertis Contract Intelligence (ICI) platform turns contracts from static documents into strategic advantage by structuring and connecting the critical contract information that defines how an organization runs. Today, the world\'s most iconic brands and disruptive innovators trust Icertis to fully realize the intent of their combined 10 million contracts worth more than $1 trillion, in 40+ languages and 93 countries.

Who we are: Icertis is the only contract intelligence platform companies trust to keep them out in front, now and in the future. Our unwavering commitment to contract intelligence is grounded in our FORTE values-Fairness, Openness, Respect, Teamwork and Execution-which guide all our interactions with employees, customers, partners and stakeholders. Because in our mission to be the contract intelligence platform of the world, we believe how we get there is as important as the destination

Who we are: Icertis is the only contract intelligence platform companies trust to keep them out in front, now and in the future. Our unwavering commitment to contract intelligence is grounded in our FORTE values-Fairness, Openness, Respect, Teamwork, and Execution-which guide all our interactions with employees, customers, partners, and stakeholders. Because in our mission to be the contract intelligence platform of the world, we believe how we get there is as important as the destination.

Icertis is looking Senior Audit and Compliance analyst who will be part of the Compliance team and work closely with the Compliance manager on various Audit and Compliance initiatives.

Main Responsibilities:

• Planning, organizing, and handling ISO27001, SOC1, and SOC2 audits and following the Audit life cycle end to end.
• Front-end customer audits and follow the end-to-end life cycle of customer audit engagements. Experience in audits for regulated industries like financial services and healthcare is required.
• Experience in performing Information security risk management and following the complete risk management lifecycle.
• Ability to directly engage with various stakeholders, including at C-suite and executive levels when needed to follow escalation levels.
• Experienced in performing access reconciliation, and firewall access review for cloud operations, IT, and other regular compliance activities on a monthly, and quarterly basis.
• Quick thinker, understanding all technical evidence, and the ability to correlate the evidence in various audits in a SaaS, cloud knowledge is essential.
• Ability to create policy and procedure documentation quickly and make amendments and keep the documentation up to the mark.
• Experience building and running the BCP DR program, assisting in the testing of BCP for Icertis and tracking actions, and creating BCP DR test reports.
• Scale up and engage in other audits such as TISAX, SSPA, GDPR, SOC, HIPAA, and various other compliances.
• Keeping Information Security training records up to date by regular follow-up and publishing the dashboards. Take complete ownership.
• Maintaining evidence freshness where compliance controls require similar or related evidence of or proof of satisfactory compliant process and ability to map these artifacts to compliance framework.
• For all audits at Icertis- artifacts maintenance by coordination and follow-up with various departments.
• Handing customer audits and third-party risk assessment questionnaires.
• Performing Vendor risk assessment for Icertis and following the complete life cycle.
• Publishing monthly dashboard of Compliance certification, training records, Pending Audit action points, Risks, and Issues.
• Act as compliance point of contact and be available during RFP discussions for any compliance-related queries.

Qualifications:

• BE/BCS or MCS from a good college, MBA in Information Security, and has worked with large organizations such as EY, KPMG, and Deloitte.
• Proven experience in SaaS, and cloud-based compliance engagements.
• Experience working on Azure administration, O365 setup, and exposure to Azure Security governance.
• Worked on a SaaS organization audit and has a good understanding of Cloud infrastructure management.
• Demonstrated knowledge of application and infrastructure security at a high level.
• Knowledge of Cloud computing technology is a MUST requirement.
• Proven experience in IT Audit and handling various audits.
• Should have worked on ISO27001, ISO 27017, and 27018, SOC Audits certification audit requirements extensively.
• Exposure to GDPR is added advantage
• Proven experience in handling customer and 3rd party audit assessments
• Very good knowledge and experience using Microsoft Office tools such as Excel and SharePoint
• Must have BE/BCS or MCS along with MBA with an Information Security focus.
• Excellent communication skills are a MUST requirement.

Certifications * ISO 27001 LA or CISA /CISSP/CISM (mandatory)

• Cloud security-related certifications such as CCSK
• Other Cloud administration-related certification

Icertis, Inc. provides Equal Employment Opportunity to all employees and applicants for employment without regard to race, color, religion, gender identity or expression, sex, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Icertis, Inc. complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. If you are in need of accommodation or special assistance to navigate our website or to complete your application, please send an e-mail with your request to or get in touch with your recruiter.

By submitting your application you acknowledge that you have read Icertis\'s Privacy Policy ( )

Icertis is not open to third party solicitation or resumes for our posted FTE positions. Resumes received from third party agencies that are unsolicited will be considered complimentary.

Icertis