Talentmatics

Cyber Security Analyst

4-6 Years
  • Posted 5 hours ago

Job Description

Senior Analyst, Cybersecurity Audit and Compliance (Contract to Hire)

Location: Balewadi Pune, India (Hybrid)

6-month contract to hire, direct with client

What You'll Own

As a Senior Analyst, you will be a key driver in maturing and maintaining the client's complex global compliance and risk posture. This role is for an owner who is expected to define the compliance strategy, value the output of their work, and drive outcomes, not just check boxes. You will operate within a lean, fast-paced startup, which means you must be comfortable with constant questioning, challenging the status quo, and innovating cost-effective compliance solutions.

Own, design, and manage a broad and complex compliance portfolio, including SOC 2 Type II, GDPR, and ISO certifications (Security, Privacy, and AI).

Proactively establish and embed compliance for new and advanced regulatory frameworks crucial to our global growth, specifically the EU AI Act and general AI compliance, IBM FS certification, EU-US Data Privacy Framework (DPF), and PCI DSS.

In addition to traditional risk assessment, strategically define, implement, and validate the most cost-effective controls for current processes and systems, ensuring the business can scale securely and efficiently.

Lead all internal audit activities, performing advanced controls testing to evaluate the design and operational effectiveness of global IT and security controls. You are the key decision-maker in identifying and implementing remediation plans.

Oversee and manage the end-to-end process for external audits and security assessments. This includes overseeing vulnerability assessments and penetration tests (pen tests), leading cross-functional security review meetings, acting as the primary contact, and driving the entire remediation lifecycle for all audit and testing findings.

Act as a compliance consultant to our engineering, product, and legal teams, influencing necessary process and system modifications to meet evolving global regulatory needs in the most commercially viable way.

Serve as the subject matter expert when assisting with customer security questionnaires and high-stakes vendor/partner security and privacy assessments, using your expertise to unblock sales and partnership opportunities.

What You'll Bring

We are looking for a candidate who is deeply self-motivated, provides tangible value, and thrives in a high-ownership environment where agility and questioning are encouraged.

4+ years of relevant, hands-on experience in ITGC audits, SOC compliance, IT Audit, IT Risk assessment, security assessment, privacy assessment, and diverse regulatory/compliance audits.

Proven, practical experience in implementing and maintaining compliance for PCI DSS, AI compliance/EU AI Act, and EU-US DPF. Experience with the requirements for IBM FS certification is a plus. Extensive experience with Information Security and Risk Management standards, practices, methods, and frameworks, including NIST, PCI, ISO 27001, ISO 27005, ISO 27701, ISO 42001, etc.

A proven commitment to owning the outcome and delivering value. Must demonstrate a comfort level with ambiguity, an ability to rapidly adapt to change, and a proactive approach to finding cost-effective solutions for a small, scaling team. Comfortable working with global stakeholders across North America and Europe, including participating in audits and security reviews across time zones.

Strong working knowledge of IT Security, including Cloud Computing (e.g., AWS, Google Suite, Windows), database management systems, SDLC, IT General Controls, and cyber security, with a track record of implementing controls within agile development methodologies. Sound understanding of audit process/methodology and risk management/advisory ability. Experienced in using a risk-based audit approach in evaluation of recommendations for management processes.

Exceptional technical writing, presentation, and interpersonal skills. The ability to articulate complex compliance risks and solutions clearly to technical, business, and executive audiences. Excellent communication, interpersonal, time management and issue resolution skills. General understanding of security risks and trends, security compliance assessments, and audits. Strong experience in developing information security documentation standards, procedures and guidelines.

Bachelor's or Master's degree in Computer Science or equivalent experience preferred. CISA, CISSP, or relevant ISO Lead Implementer/Auditor certifications are strongly preferred.


Job ID: 144650243