Role Overview
As an Information Security and Compliance Analyst, you will play a key role in maintaining and improving the organization's security posture. Your responsibilities will center on managing compliance with SOX and ISO 27001 standards, overseeing vulnerability remediation, and ensuring that security policies are effectively implemented across systems and teams.
Key Responsibilities
- Lead coordination of SOX and ISO 27001 compliance activities, including control assessments, evidence gathering, and internal readiness checks
- Evaluate security configurations and support cloud infrastructure administration across AWS and Azure platforms
- Assess client contracts to determine alignment with data protection policies and regulatory requirements
- Act as the primary liaison during audits, providing documentation and updates to external auditors and internal stakeholders
- Maintain a centralized, well-organized system for compliance records, policies, and procedural documentation
- Analyze findings from vulnerability scans, classify risks by severity and business impact, and guide prioritization
- Partner with IT and application teams to track and resolve security findings within defined timelines
- Support the development and refinement of security policies, procedures, and user guidance based on industry standards
- Produce clear reports and dashboards for leadership and compliance reviewers
- Monitor control exceptions, identify gaps, and assist in implementing risk reduction strategies
- Contribute to security education by creating accessible training materials and documentation
Qualifications
Required
- Minimum of three years in information security, compliance, or a related technical field
- Proven involvement in SOX, ISO 27001, or equivalent compliance programs
- Experience with tools used for vulnerability detection and management
- Strong writing skills for audit responses, process documentation, and internal communications
- High level of precision and organizational ability when handling time-sensitive tasks
- Ability to work independently in a remote, distributed setup
Preferred
- Industry certifications such as CISA, CISSP, Security+, or ISO 27001 Lead Implementer
- Exposure to regulatory frameworks including NIST, GDPR, or SOC 2
- Background in multinational or highly regulated sectors
- Familiarity with project and knowledge management platforms like JIRA, Confluence, or SharePoint
Technology Environment
Work will involve interaction with AWS, Azure, JIRA, Confluence, and SharePoint.
Work Environment
This role supports a global team with colleagues primarily based in the US. Expect flexibility in scheduling to align with cross-time-zone collaboration, including occasional availability outside standard hours for urgent incidents or critical remediation efforts. The position offers a flexible work model with remote capabilities.
Benefits
- 30 days of paid leave annually
- Public holidays observed
- Flexible work hours
- Comprehensive medical, life, and accident insurance for employees and families
- Support for ongoing professional development, including training and certification
- Regular social and cultural events such as Diwali celebrations, team outings, and internal gatherings
Company Culture
The organization values empathy, integrity, innovation, and inclusivity. Decision-making is guided by data, with a focus on human-centered solutions and collaborative problem-solving. Diversity and respect are foundational, and customer needs remain central to all initiatives.
Equal Opportunity Statement
All qualified applicants will be considered without regard to race, color, religion, sex, age, national origin, citizenship status, marital status, military or veteran status, genetic information, sexual orientation, gender identity, disability, or any other protected characteristic under applicable law. The company is committed to fostering a respectful, diverse, and innovative workplace for all employees.
