- Optional office in Pune
Description
Job Snapshot
Mindtickle is hiring a Specialist, Information Security and Privacy to join our Information Security and Privacy team in Pune. This role sits at the intersection of compliance, technical security, and intelligent automation — and it is designed for someone who understands that good security is not just about policy, but about building systems that make compliance self-evident.
You will own the operational backbone of our compliance programme across SOC 2 Type II, ISO 27001, GDPR, and HIPAA — managing controls, preparing for audits, and working directly with engineering teams on vulnerability remediation. Alongside this, you will gradually build automated compliance workflows: Python-based applications and AI-assisted agents that collect audit evidence, surface control gaps, and keep stakeholders proactively informed — reducing manual effort and enabling the team to stay ahead of its obligations at scale.
If you are someone who is equally comfortable reading a security advisory as you are writing a Python script, and who believes that compliance should be a living, automated system rather than an annual scramble, this role offers rare breadth and long-term impact.
This role reports to the Senior Manager, Information Security and Privacy.
What’s in it for you?
Compliance operations and audit readiness
- Own and manage controls across SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks, maintaining an up-to-date control landscape and evidence inventory.
- Coordinate and support external audits end-to-end — from audit scoping and evidence preparation to auditor walkthroughs and post-audit remediation tracking.
- Manage compliance tracking across Google Workspace (Sheets, Drive, Docs, Gmail) — maintaining structured control registers, evidence repositories, and policy documentation.
- Send and track corrective action communications to control owners, following up through resolution and maintaining a clear audit trail.
- Conduct periodic internal compliance reviews and produce structured reports for leadership.
Technical security and vulnerability management
- Participate in Vulnerability Assessment and Penetration Testing (VAPT) cycles — reviewing findings, contextualising them for engineering teams, and tracking remediation to closure.
- Monitor and triage security findings from external risk and rating platforms including SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity, Qualys SSL Labs, and similar sources.
- Act as the liaison between the security team and engineering — translating security findings into actionable tickets in Jira, validating fixes post-sign-off, and gradually taking ownership of resolutions.
- Maintain a working knowledge of common vulnerability classes (OWASP Top 10), exploits, and secure architecture patterns relevant to cloud-hosted SaaS platforms.
- Support cloud security reviews and configuration assessments on AWS (primary) and GCP, with an understanding of IAM, network security groups, storage controls, and logging configurations.
Compliance automation and AI-assisted workflows
- Build and maintain Python-based automation scripts that collect compliance evidence from internal systems, APIs, and Google Workspace — reducing manual evidence gathering for external audits.
- Develop automated email workflows and scheduled reports that keep control owners, team leads, and leadership informed of compliance status, upcoming obligations, and open remediation items.
- Create and maintain compliance dashboards that provide a real-time view of control health, audit readiness, and key risk indicators.
- Progressively design and deploy AI-assisted internal audit workflows — acting as the orchestrator of agentic pipelines that perform control checks, generate evidence summaries, and flag anomalies for human review.
- Leverage AI-assisted coding tools such as Cursor and Claude Code to accelerate development of automation and internal tooling.
Cross-functional collaboration and programme hygiene
- Collaborate with Engineering, DevOps, Legal, and HR teams to ensure controls are implemented, tested, and documented in alignment with framework requirements.
- Maintain and periodically review information security policies, procedures, and standards in Google Docs, ensuring they remain current and aligned with framework controls.
- Coordinate access reviews, vendor security assessments, and third-party risk evaluations as part of the ongoing compliance calendar.
- Support onboarding and awareness initiatives by contributing to security training content and policy communications.
We’d love to hear from you, if you:
Experience and background
- 2–3 years of hands-on experience in information security, GRC (Governance, Risk and Compliance), or a security-adjacent technical role.
- Demonstrated experience working with at least one major compliance framework (SOC 2, ISO 27001, GDPR, or HIPAA) — including evidence collection, control testing, or audit support.
- 1+ year of programming experience, with practical Python skills for scripting, automation, or data processing tasks.
- Exposure to cloud platforms, with working knowledge of AWS services (IAM, S3, CloudTrail, Security Hub, or equivalent) and basic familiarity with GCP.
Technical security knowledge
- Understanding of common vulnerability classes, OWASP Top 10, and secure development principles sufficient to contextualise findings and communicate them to engineering teams.
- Familiarity with VAPT processes — including scoping, findings review, and remediation validation.
- Basic understanding of network security concepts: TLS/SSL, DNS, firewalls, VPNs, and cloud-native security controls.
- Working knowledge of authentication and identity concepts: SSO, OAuth 2.0, SAML, IAM, RBAC, and MFA.
- Ability to read and interpret security findings from external platforms such as SecurityScorecard, Qualys, or similar security rating and scanning tools.
Tooling and workflow
- Proficient in Google Workspace — comfortable using Sheets for control tracking and mapping, Drive and Docs for policy and evidence management, Gmail for formal communications and sign-offs, and Calendar for compliance scheduling.
- Experience using Jira for cross-functional issue tracking and Slack for team collaboration.
- Comfortable writing Python scripts for automation, data extraction, API integrations, or report generation.
- Exposure to or genuine curiosity about AI tooling, LLMs, and agent-based workflows.
Soft skills and working style
- Strong written communication skills — able to draft clear policy documents, corrective action notices, and executive summaries.
- Methodical and organised — able to manage multiple concurrent workstreams, deadlines, and stakeholders without losing detail.
- Comfortable with ambiguity and ad-hoc requests in a fast-paced SaaS environment.
- Proactive and self-driven — able to identify gaps, propose solutions, and execute independently once direction is set.
Good to have:
- Certifications: CISA, CISSP, CEH, CompTIA Security+, or any recognised AI / machine learning certification.
- Experience building or interacting with AI agents, LLM-based pipelines, or automation using frameworks such as LangChain or LangGraph.
- Hands-on experience with AI-assisted development tools such as Cursor or Claude Code.
- Familiarity with third-party risk and security rating platforms (SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity).
- Prior experience with GCP services for development or workflow automation.
- Understanding of data privacy principles under GDPR and HIPAA, including data classification, retention policies, and subject rights processes.
- Exposure to SAST/DAST tooling, container security, or cloud security posture management (CSPM).