Security Compliance and Audit Lead

Department: G&A Operations

Employment Type: Full Time

Location: India

Reporting To: Shibanarayan Behera

• Acting as a subject matter expert on compliance with frameworks like NIST CSF, ISO 27001, HIPAA, and privacy regulations (GDPR, CCPA, NY SHIELD).
• Performing gap analyses and implementing frameworks and standards for security and privacy.
• Leading and managing certification efforts for SOC2 Type 2, ISO 27001/27017, HIPAA, and others as needed.
• Tracking and monitoring Risk Treatment Plans to ensure timely resolution and compliance.
• Developing and refining Policies, Standards, and Guidelines to maintain robust enterprise security.
• Conducting Vendor Risk Assessments to evaluate the security posture of third parties.
• Monitoring the effectiveness of security controls, reporting key metrics, and ensuring operational compliance.
• Collaborating across teams (Product Management, Engineering, Cloud Operations) to drive awareness and compliance.
• Supporting team development through coaching and knowledge sharing.

• Experience: 6–10 years in information security, with at least 4 years in Audit and Compliance. Hands-on experience with ISO 27001 and SOC2 audits is essential; HIPAA audit experience is a plus.
• Expertise in regulatory standards: NIST CSF, SOC2, HIPAA/HITRUST, FedRAMP, PCI-DSS.
• Proven ability to translate compliance standards into implementable and repeatable controls.
• Strong project management skills with experience in cross-functional collaboration.
• Technical skills: Proficiency in Excel and PowerPoint for reporting; scripting knowledge is desirable.
• Education: Bachelor’s degree in Computer Science, Information Systems, or a related field.
• Certifications such as CISM, CISSP, CISA, or other compliance-related credentials are highly preferred.

• Exceptional attention to detail and ability to resolve discrepancies.
• Strong written and verbal communication skills to engage stakeholders at all levels.
• A self-motivated, enthusiastic mindset with the ability to multitask and prioritize effectively.

• Innovation: Push the boundaries of what’s possible in compliance and risk management.
• Impact: Your expertise will directly influence the security and trustworthiness of our organization.
• Growth: With continuous learning opportunities and challenging projects, your professional development is a priority.
• Recognition: We celebrate excellence and reward contributions that drive meaningful outcomes.