Sumeru Software Solutions - Senior Technical Compliance Analyst (5-8 yrs)
Posted 2 months ago
Role: Compliance Analyst
Location: Initially remote (candidates should be based in Bangalore or Pune)
Duration: 6+ months (possibility of extension and conversion)
Job Brief: Compliance Analyst
Responsibilities:
What you'll do:
- Assist with the implementation and management of the Client's common/unified controls framework.
- Work as a subject matter expert on interpreting compliance regulations such as ISO 27001, SOC 1, SOC 2, NIST 800-53 and NIST 800-171 into actionable controls, with corresponding processes, policies and oversight.
- Deep dive into the various Client control environments to develop a technical understanding of control implementation, and articulate compliance implications to internal control owners and external audit functions.
- Build capabilities for automating evidence collection and integrating it into GRC platforms.
- Work with external auditors on regulatory and compliance program audits and assessments.
- GRC and automation tooling API integration: Collaborate with cross-functional teams to identify integration requirements and design solutions that connect our Technical Compliance platforms with third-party services, ensuring seamless data flow and functionality.
- Assist in implementing and executing continuous monitoring activities to maintain a real-time conformance view of Client SaaS environments.
- Assess: Seek out opportunities to improve verification of controls compliance, such as through automation of tests.
- Assess: Evaluate, document, and communicate business risk in the context of control designs and gaps.
- Assess: Evaluate and assess the effectiveness of management, operational, and technical security controls.
- Assess: Conduct walkthroughs and audits to assess the adequacy of controls for adherence to established policies, procedures, business practices, and compliance with the Client Unified Controls Framework.
- Assess: Obtain and review evidence, ensuring audit conclusions are well documented and based on a complete understanding of the processes and risks.
- Monitor compliance-led initiatives against KPIs, managing project risks and stakeholders, and ensuring excellent project delivery.
Requirements:
What we're looking for:
- Strong familiarity with risk management methodologies and common security controls frameworks, such as SOX, ISO 27001, SOC 1 & 2, NIST, CMMC, FedRAMP, etc.
- Experience with security compliance monitoring tools/solutions offered natively in AWS, SIEM tools, GRC platforms, vulnerability scanning tools and log analysis, PAM (Privileged Access Management), and other infrastructure security tools.
- Ability to clearly communicate technical issues to non-technical audiences and others with varying backgrounds.
- Experience in performing and/or participating in technical assessments in direct support of other IT Security and Management Standards (such as NIST 800-53, FedRAMP/StateRAMP, SOC 2).
- Relevant professional certifications, such as CISA, CISM, CISSP, GCCC, ISO 27001 Auditor.
- Experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and audit of cloud environments.
- Bachelor's degree in Engineering, Information Systems, Business or related disciplines; Master's preferred, with 2+ years of experience at a Big 4 consulting firm or similar.
- 5+ years as a technical compliance specialist, preferably at a late-stage tech startup or newly public company; 5+ years of experience as a technical manager preferred.
- Self-sufficient and self-motivated; capable of working with ambiguity in a dynamic environment.
- Outstanding written and verbal communication skills; will need to document policies and procedures and articulate them well across all levels at Client.
- Strong collaboration and negotiation skills and demonstrated ability to manage multiple projects and priorities.
- Creative, business-first approach to GRC; CISA, CISM, CISSP and other certifications a plus.
- A detailed understanding of evaluating the design and effectiveness of IT controls, and experience working with auditors/regulators on these types of assessments.
Must Haves:
- 5+ years of experience
- GRC
- Scripting experience
- Experience with Python
- Control automation
- NIST control implementation
Functional Areas: Other