Information Security Compliance Analyst - Bangalore, India - Sumeru Global Technologies

    Sumeru Global Technologies, Bangalore, India

    2 weeks ago

    Permanent | Technology / Internet
    Description

    Job Brief:

    • Compliance Analyst.

    Responsibilities:

    What you'll do:

    • Assist with the implementation and management of the Client's common/unified controls framework.
    • Work as a subject matter expert on the process of interpreting compliance regulations such as ISO 27001, SOC 1, SOC 2 and NIST into actionable controls, with corresponding processes, policies and oversight.
    • Deep dive into the various Client control environments to develop a technical understanding of control implementation, and articulate compliance implications to internal control owners and external audit functions.
    • Build capabilities for automation of evidence and integration into GRC platforms.
    • Work with external auditors on regulatory and compliance program audits and assessments.
    • GRC and automation tooling API integration: collaborate with cross-functional teams to identify integration requirements and design solutions that connect our Technical Compliance platforms with third-party services, ensuring seamless data flow and functionality.
    • Assist in the continuous effort of implementing and executing continuous monitoring activities to maintain a real-time conformance view for Client SaaS environments.
    • Assess: Seek out opportunities to improve verification of controls compliance, such as through automation of tests.
    • Assess: Evaluate, document, and communicate business risk in the context of control designs and gaps.
    • Assess: Evaluate and assess the effectiveness of management, operational, and technical security controls.
    • Assess: Conduct walkthroughs and audits to assess the adequacy of controls for adherence to established policies, procedures and business practices, and compliance with the Client Unified Controls Framework.
    • Assess: Obtain and review evidence, ensuring audit conclusions are well documented and based on a complete understanding of the processes and risks.
    • Monitor compliance-led initiatives against KPIs, managing project risks and stakeholders and ensuring excellent project delivery.

    Requirements:

    What we're looking for:

    • Strong familiarity with risk management methodologies and common security controls frameworks, such as SOX, ISO 27001, SOC 1 & 2, NIST, CMMC, FedRAMP, etc.
    • Experience with security compliance monitoring tools/solutions offered natively in AWS, SIEM tools, GRC platforms, vulnerability scanning tools and log analysis, PAM (Privileged Access Management), and other infrastructure security tools.
    • Ability to clearly communicate technical issues to non-technical audiences and others with varying backgrounds.
    • Experience in performing and/or participating in technical assessments in direct support of other IT security and management standards (such as NIST 800-53, FedRAMP/StateRAMP, SOC 2).
    • Relevant professional certifications, such as CISA, CISM, CISSP, GCCC, ISO 27001 Auditor.
    • Experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and audit of cloud environments.
    • Bachelor's degree in Engineering, Information Systems, Business or a related discipline; Master's preferred, with 2+ years of experience at a Big 4 consulting firm or similar.
    • 5+ years as a technical compliance specialist, preferably at a late-stage tech startup/newly public company; 5+ years of experience as a technical manager also preferred.
    • Self-sufficient and self-motivated; capable of working with ambiguity in a dynamic environment.
    • Outstanding written and verbal communication skills; will need to document policies and procedures, and articulate them well across all levels at the Client.
    • Strong collaboration and negotiation skills and demonstrated ability to manage multiple projects and priorities.
    • Creative, business-first approach to GRC; CISA, CISM, CISSP and other certifications a plus.
    • A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.

    Must Haves:

    • 5+ years of experience.