Specialist, Information Security & Privacy

Company: Mindtickle
Location: Pune, Maharashtra
Job Type: Full-time
Posted: March 18, 2026

Job Description

Who we are

Mindtickle is the leading AI-powered revenue enablement platform that combines on-the-job learning and deal execution to drive behavior change and get more revenue per rep. Mindtickle is recognized as a market leader by top industry analysts and is ranked by G2 as the #1 sales onboarding and training product.

Our commitment to innovation has also earned us the "AI-based Sales Solution of the Year" award in the 8th annual AI Breakthrough Awards program (PR Newswire), and a Gold Stevie Award for Sales and Customer Service (Mindtickle), recognition of our dedication to both product excellence and outstanding customer support.

What’s in it for you?

Compliance operations and audit readiness

  • Own and manage controls across SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks, maintaining an up-to-date control landscape and evidence inventory.

  • Coordinate and support external audits end-to-end — from audit scoping and evidence preparation to auditor walkthroughs and post-audit remediation tracking.

  • Manage compliance tracking across Google Workspace (Sheets, Drive, Docs, Gmail) — maintaining structured control registers, evidence repositories, and policy documentation.

  • Send and track corrective action communications to control owners, following up through resolution and maintaining a clear audit trail.

  • Conduct periodic internal compliance reviews and produce structured reports for leadership.

Technical security and vulnerability management

  • Participate in Vulnerability Assessment and Penetration Testing (VAPT) cycles — reviewing findings, contextualising them for engineering teams, and tracking remediation to closure.

  • Monitor and triage security findings from external risk and rating platforms including SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity, Qualys SSL Labs, and similar sources.

  • Act as the liaison between the security team and engineering — translating security findings into actionable tickets in Jira, validating fixes post-sign-off, and gradually taking ownership of resolutions.

  • Maintain a working knowledge of common vulnerability classes (OWASP Top 10), exploits, and secure architecture patterns relevant to cloud-hosted SaaS platforms.

  • Support cloud security reviews and configuration assessments on AWS (primary) and GCP, with an understanding of IAM, network security groups, storage controls, and logging configurations.

Compliance automation and AI-assisted workflows

  • Build and maintain Python-based automation scripts that collect compliance evidence from internal systems, APIs, and Google Workspace — reducing manual evidence gathering for external audits.

  • Develop automated email workflows and scheduled reports that keep control owners, team leads, and leadership informed of compliance status, upcoming obligations, and open remediation items.

  • Create and maintain compliance dashboards that provide a real-time view of control health, audit readiness, and key risk indicators.

  • Progressively design and deploy AI-assisted internal audit workflows — acting as the orchestrator of agentic pipelines that perform control checks, generate evidence summaries, and flag anomalies for human review.

  • Leverage AI-assisted coding tools such as Cursor and Claude Code to accelerate development of automation and internal tooling.

Cross-functional collaboration and programme hygiene

  • Collaborate with Engineering, DevOps, Legal, and HR teams to ensure controls are implemented, tested, and documented in alignment with framework requirements.

  • Maintain and periodically review information security policies, procedures, and standards in Google Docs, ensuring they remain current and aligned with framework controls.

  • Coordinate access reviews, vendor security assessments, and third-party risk evaluations as part of the ongoing compliance calendar.

  • Support onboarding and awareness initiatives by contributing to security training content and policy communications.

We’d love to hear from you, if you:

Experience and background

  • 2–3 years of hands-on experience in information security, GRC (Governance, Risk and Compliance), or a security-adjacent technical role.

  • Demonstrated experience working with at least one major compliance framework (SOC 2, ISO 27001, GDPR, or HIPAA) — including evidence collection, control testing, or audit support.

  • 1+ year of programming experience, with practical Python skills for scripting, automation, or data processing tasks.

  • Exposure to cloud platforms, with working knowledge of AWS services (IAM, S3, CloudTrail, Security Hub, or equivalent) and basic familiarity with GCP.

Technical security knowledge

  • Understanding of common vulnerability classes, OWASP Top 10, and secure development principles sufficient to contextualise findings and communicate them to engineering teams.

  • Familiarity with VAPT processes — including scoping, findings review, and remediation validation.

  • Basic understanding of network security concepts: TLS/SSL, DNS, firewalls, VPNs, and cloud-native security controls.

  • Working knowledge of authentication and identity concepts: SSO, OAuth 2.0, SAML, IAM, RBAC, and MFA.

  • Ability to read and interpret security findings from external platforms such as SecurityScorecard, Qualys, or similar security rating and scanning tools.

Tooling and workflow

  • Proficient in Google Workspace — comfortable using Sheets for control tracking and mapping, Drive and Docs for policy and evidence management, Gmail for formal communications and sign-offs, and Calendar for compliance scheduling.

  • Experience using Jira for cross-functional issue tracking and Slack for team collaboration.

  • Comfortable writing Python scripts for automation, data extraction, API integrations, or report generation.

  • Exposure to or genuine curiosity about AI tooling, LLMs, and agent-based workflows.

Soft skills and working style

  • Strong written communication skills — able to draft clear policy documents, corrective action notices, and executive summaries.

  • Methodical and organised — able to manage multiple concurrent workstreams, deadlines, and stakeholders without losing detail.

  • Comfortable with ambiguity and ad-hoc requests in a fast-paced SaaS environment.

  • Proactive and self-driven — able to identify gaps, propose solutions, and execute independently once direction is set.

Good to have:

  • Certifications: CISA, CISSP, CEH, CompTIA Security+, or any recognised AI / machine learning certification.

Job Information

Source: lever
Remote Type: onsite
Allowed Locations: Pune, Maharashtra
Skills & Tags:
Information Security & Privacy G&A
