Role: Security & Compliance Manager
Experience: 2+ years
Location: Noida (5 days WFO)

About Us:
Visit Health is a pioneering health-tech platform, founded in 2016 by BITS Pilani alumni, dedicated to making healthcare accessible, affordable, and preventive. Originated as a telemedicine platform during the 2015 Swine Flu epidemic, Visit Health has grown into an all-in-one wellness ecosystem that connects doctors, insurers, and millions of Indian families. Our services range from physical and mental wellness to OPD benefits, empowering both individuals and corporations to prioritize well-being.

Job Summary:

We are looking for a Associate Security and Compliance to oversee and enhance our security frameworks, regulatory compliance, and risk management initiatives. The ideal candidate will ensure adherence to industry regulations, implement security best practices, and lead audits to maintain compliance with international standards.

Key Responsibilities:

Security Governance & Risk Management:

• Develop and implement security policies, standards, and guidelines.
• Conduct risk assessments and security audits to identify vulnerabilities and mitigate risks.
• Collaborate with IT and legal teams to ensure secure infrastructure and data protection.
• Monitor emerging security threats and recommend appropriate countermeasures.

Regulatory Compliance & Audits:

• Ensure compliance with industry regulations such as ISO 27001, HIPAA, GDPR, SOC 2, PCI-DSS, NIST, and others.
• Lead internal and external security audits, managing relationships with auditors and regulators.
• Develop compliance reports and maintain documentation for audits and assessments.
• Educate internal teams on compliance requirements and security best practices.

Data Protection & Privacy:

• Implement and maintain data protection policies to safeguard sensitive information.
• Work with legal and IT teams to ensure compliance with global privacy laws (e.g., GDPR, CCPA).
• Conduct Data Protection Impact Assessments (DPIAs) and oversee incident response plans.

Incident Management & Response:

• Develop and maintain incident response plans and security monitoring mechanisms.
• Lead investigations into security incidents, breaches, and compliance violations.
• Coordinate with cybersecurity teams to implement security controls and remediation strategies.
  

Training & Awareness:

• Conduct security awareness training for employees to promote a security-first culture.
• Stay updated on new regulations and industry trends to proactively adapt policies.