
Specialist, Information Security & Privacy

Pune, Maharashtra, Bengaluru, Karnataka
Full-time, G&A

Job Description

Who we are
 
Mindtickle is the leading AI-powered revenue enablement platform that combines on-the-job learning and deal execution to drive behavior change and get more revenue per rep. Mindtickle is recognized as a market leader by top industry analysts and is ranked by G2 as the #1 sales onboarding and training product.
 
Our commitment to innovation has also earned us the "AI-based Sales Solution of the Year" award in the 8th annual AI Breakthrough Awards program (PR Newswire) and a Gold Stevie Award for Sales and Customer Service, recognition of our dedication to both product excellence and outstanding customer support.

Job Snapshot

Mindtickle is hiring a Specialist, Information Security and Privacy to join our Information Security and Privacy team in Pune. This role sits at the intersection of compliance, technical security, and intelligent automation — and it is designed for someone who understands that good security is not just about policy, but about building systems that make compliance self-evident.

You will own the operational backbone of our compliance programme across SOC 2 Type II, ISO 27001, GDPR, and HIPAA — managing controls, preparing for audits, and working directly with engineering teams on vulnerability remediation. Alongside this, you will gradually build automated compliance workflows: Python-based applications and AI-assisted agents that collect audit evidence, surface control gaps, and keep stakeholders proactively informed — reducing manual effort and enabling the team to stay ahead of its obligations at scale.

If you are someone who is equally comfortable reading a security advisory as you are writing a Python script, and who believes that compliance should be a living, automated system rather than an annual scramble, this role offers rare breadth and long-term impact.

This role reports to the Senior Manager, Information Security and Privacy.

What’s in it for you?

Compliance operations and audit readiness

    • Own and manage controls across SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks, maintaining an up-to-date control landscape and evidence inventory.

    • Coordinate and support external audits end-to-end — from audit scoping and evidence preparation to auditor walkthroughs and post-audit remediation tracking.

    • Manage compliance tracking across Google Workspace (Sheets, Drive, Docs, Gmail) — maintaining structured control registers, evidence repositories, and policy documentation.

    • Send and track corrective action communications to control owners, following up through resolution and maintaining a clear audit trail.

    • Conduct periodic internal compliance reviews and produce structured reports for leadership.

Technical security and vulnerability management

    • Participate in Vulnerability Assessment and Penetration Testing (VAPT) cycles — reviewing findings, contextualising them for engineering teams, and tracking remediation to closure.

    • Monitor and triage security findings from external risk and rating platforms including SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity, Qualys SSL Labs, and similar sources.

    • Act as the liaison between the security team and engineering — translating security findings into actionable tickets in Jira, validating fixes post-sign-off, and gradually taking ownership of resolutions.

    • Maintain a working knowledge of common vulnerability classes (OWASP Top 10), exploits, and secure architecture patterns relevant to cloud-hosted SaaS platforms.

    • Support cloud security reviews and configuration assessments on AWS (primary) and GCP, with an understanding of IAM, network security groups, storage controls, and logging configurations.

Compliance automation and AI-assisted workflows

    • Build and maintain Python-based automation scripts that collect compliance evidence from internal systems, APIs, and Google Workspace — reducing manual evidence gathering for external audits.

    • Develop automated email workflows and scheduled reports that keep control owners, team leads, and leadership informed of compliance status, upcoming obligations, and open remediation items.

    • Create and maintain compliance dashboards that provide a real-time view of control health, audit readiness, and key risk indicators.

    • Progressively design and deploy AI-assisted internal audit workflows — acting as the orchestrator of agentic pipelines that perform control checks, generate evidence summaries, and flag anomalies for human review.

    • Leverage AI-assisted coding tools such as Cursor and Claude Code to accelerate development of automation and internal tooling.

Cross-functional collaboration and programme hygiene

    • Collaborate with Engineering, DevOps, Legal, and HR teams to ensure controls are implemented, tested, and documented in alignment with framework requirements.

    • Maintain and periodically review information security policies, procedures, and standards in Google Docs, ensuring they remain current and aligned with framework controls.

    • Coordinate access reviews, vendor security assessments, and third-party risk evaluations as part of the ongoing compliance calendar.

    • Support onboarding and awareness initiatives by contributing to security training content and policy communications.

We’d love to hear from you, if you:

Experience and background

    • 2–3 years of hands-on experience in information security, GRC (Governance, Risk and Compliance), or a security-adjacent technical role.

    • Demonstrated experience working with at least one major compliance framework (SOC 2, ISO 27001, GDPR, or HIPAA) — including evidence collection, control testing, or audit support.

    • 1+ year of programming experience, with practical Python skills for scripting, automation, or data processing tasks.

    • Exposure to cloud platforms, with working knowledge of AWS services (IAM, S3, CloudTrail, Security Hub, or equivalent) and basic familiarity with GCP.

Technical security knowledge

    • Understanding of common vulnerability classes, OWASP Top 10, and secure development principles sufficient to contextualise findings and communicate them to engineering teams.

    • Familiarity with VAPT processes — including scoping, findings review, and remediation validation.

    • Basic understanding of network security concepts: TLS/SSL, DNS, firewalls, VPNs, and cloud-native security controls.

    • Working knowledge of authentication and identity concepts: SSO, OAuth 2.0, SAML, IAM, RBAC, and MFA.

    • Ability to read and interpret security findings from external platforms such as SecurityScorecard, Qualys, or similar security rating and scanning tools.

Tooling and workflow

    • Proficient in Google Workspace — comfortable using Sheets for control tracking and mapping, Drive and Docs for policy and evidence management, Gmail for formal communications and sign-offs, and Calendar for compliance scheduling.

    • Experience using Jira for cross-functional issue tracking and Slack for team collaboration.

    • Comfortable writing Python scripts for automation, data extraction, API integrations, or report generation.

    • Exposure to or genuine curiosity about AI tooling, LLMs, and agent-based workflows.

Soft skills and working style

    • Strong written communication skills — able to draft clear policy documents, corrective action notices, and executive summaries.

    • Methodical and organised — able to manage multiple concurrent workstreams, deadlines, and stakeholders without losing detail.

    • Comfortable with ambiguity and ad-hoc requests in a fast-paced SaaS environment.

    • Proactive and self-driven — able to identify gaps, propose solutions, and execute independently once direction is set.

Good to have:

    • Certifications: CISA, CISSP, CEH, CompTIA Security+, or any recognised AI / machine learning certification.

    • Experience building or interacting with AI agents, LLM-based pipelines, or automation using frameworks such as LangChain or LangGraph.

    • Hands-on experience with AI-assisted development tools such as Cursor or Claude Code.

    • Familiarity with third-party risk and security rating platforms (SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity).

    • Prior experience with GCP services for development or workflow automation.

    • Understanding of data privacy principles under GDPR and HIPAA, including data classification, retention policies, and subject rights processes.

    • Exposure to SAST/DAST tooling, container security, or cloud security posture management (CSPM).

About Mindtickle

First seen: May 24, 2026
Last updated: May 29, 2026