Security Compliance Risk Analyst

AS THE Security Compliance Risk Analyst (Commercial Audits), YOU WILL:

• Communicate compliance requirements to cross functional teams and own audit evidence validation, documentation, standardization with the goal of driving automation in this end to end process.
• Help maintain and mature common controls framework and the GRC tool.
• Regularly validate control implementation(s) to support product security compliance.
• Collaborate regularly with cross functional teams to address requirements.
• Manage compliance projects across multiple teams, including cloud engineering, security and development etc.
• Reporting and communication of project status to service teams, control owners, and senior leadership.
• Show high adaptability and proactiveness, and be eager to tackle any challenge head-on to continuously expand learning and growth potential.
• Proactively identify and communicate risks and potential roadblocks during audit processes to ensure timely resolution and audit success

OUR IDEAL Security Compliance Risk Analyst (Commercial Audits), WILL HAVE:

• Atleast 3-6 years of experience in an equivalent technology risk and compliance related role.
• Ability to organize, prioritize and project manage work in a fast-paced and ambiguous environment.
• Knowledge of cloud infrastructures (AWS, Azure, or GCP)
• Experience with security compliance reports, certifications and standards as they relate to Software as a Service, Infrastructure as a Service and Cloud Computing, such as SOC1 (SSAE18), SOC2, ISO 27k family of standards, FedRAMP, IRAP, PCI-DSS, HITRUST, NIST CyberSecurity Framework, regional cyber security regulations and other related frameworks.
• Experience with common control framework and GRC software and tools maintenance.
• Experience coordinating, facilitating and managing security and compliance audits; industry-specific regulatory compliance knowledge, a plus.
• Drive program efficiency and high customer satisfaction and cultivate support and consensus across multiple stakeholder groups.
• Excellent oral, written and presentation skills with the capability to articulate technical and operational processes.
• BachelorDegree in computer science, information systems, security or related field and CISA, CISSP or other relevant certifications is a plus
• While we are flexible with work timings, this position would require some level of collaboration with stakeholders in the USA to ensure effective communication and project alignment. This translates into later evenings in India, ensuring that there is a couple of hours of overlap in working hours.