Infosec & Audit

Bengaluru, Karnataka, India | Full-time


About MediBuddy

MediBuddy is India’s number 1, ISO Certified Medical App that lets one consult Specialist Doctors 24x7 over a tele or video call, or even a chat, within 30 minutes. It is the award-winning technology platform that transforms the health insurance industry at the very core. MediBuddy, with its diverse offerings for various stakeholders of the health benefits industry, makes the process of discovering, accessing, utilizing and monitoring health benefits seamless and real-time. It is built as an integrated platform for online consultation, ordering medicines and booking lab tests, managing insurance covers etc. With 6 Million+ Indian users, 5000+ MD Doctors, and funding from Bessemer Venture Partners, Rebright Partners and other investors, MediBuddy is scaling rapidly in its quest to help millions more.

MediBuddy provides consultation services for patients of all age groups in several key medical disciplines such as dermatology, gynaecology, sexology, paediatrics, general medicine, psychiatry, weight management etc. Every user can avail transparent, tech-enabled, round-the-clock and multi-language services. Also, ordering medicines and booking lab tests is only a click away for all our customers!

“MediClinic” is our very own OPD service with 300+ clinics across India to support the immediate wellness or medical needs of our customers. With the recent pandemic, MediBuddy has been instrumental in helping multiple corporates get back to the workplace with the right safety norms.

With a focus on mental wellness, MediBuddy has curated a specific program for the mental wellness of its customers to help them deal with any stress in a confidential and appropriate manner.

Your Key Responsibilities

Responsible for ensuring that all processes and policies of the company are compliant by conducting regular audits and risk assessments to ensure the organization remains ISO certified.
Coordinate, communicate and liaise with clients for assessments and audits.
Identify and prevent any compliance issues/violations and escalate such violations to facilitate and support follow-up and prompt investigation.
Monitor compliance systems to ensure their effectiveness and design or implement improvements in communication, monitoring, or enforcement of compliance standards.
While on audits, assess controls and identify control weaknesses and areas for process improvements.
Coordinate with the team for IA and external audits for closure of NC and ensure that corrective action plans are implemented accordingly.
Follow up on clients’ technical requests in a timely manner.
Perform risk assessments/security audits, create business impact analyses and create BCPs for all departments and functions.
Review drafted (new/existing) SOPs, work instructions and guidelines.
Ability to conduct periodic security awareness training across the organisation.
Knowledge and experience in industry-best risk management frameworks.
Develop an audit calendar for the organisation.
Create and update the hardening checklist, and other security checklists.
Maintain an audit calendar and proactively follow up with the various internal teams on closure of outstanding audit requests.

Preferred Skills & Qualifications
BE-IT or equivalent degree with ISO 27001 Lead Auditor certification and up to 3 years of relevant experience
Candidate should have good knowledge of SOC 1, SOC 2, IT General Controls, and IT Compliance
Excellent understanding of information security and risk frameworks/standards (ISO 27001, GDPR, NIST etc.)
Should be a self-learner and must stay updated on the latest threats and vulnerabilities researched/discovered
Knowledge of business continuity frameworks and standards
Proven ability to conduct ISMS audits independently
Good organisational and planning skills.
Excellent customer service skills & client management