We are a regulated fintech (ISO 27001:2022, PCI-DSS v4.0.1) operating in a multi-framework, high-audit environment. We are hiring an execution-focused InfoSec & Compliance Analyst to support the CISO Office across audits, compliance tracking, and evidence and control management. The role requires strong structure, coordination, and multi-audit handling, and offers high accountability and deep exposure to India's fintech regulatory landscape.
Key Responsibilities:
Audit Coordination & Execution
- End-to-end audit coordination (internal/external across all frameworks)
- Drive evidence collection with cross-functional teams; ensure timely submissions
- Maintain master audit calendar (timelines, dependencies, parallel audits)
- Track findings, ensure closure, escalate blockers
- Manage audit logistics, kick-offs, and status reporting
Compliance Monitoring & Control Tracking
- Maintain live compliance trackers; monitor control effectiveness
- Conduct internal reviews/gap assessments for audit readiness
- Track remediation and report status to CISO
- Support audit readiness and evidence planning
Evidence & Artefact Management
- Own structured, audit-ready evidence repository
- Standardize templates for recurring audits
- Ensure artefact completeness, accuracy, version control
- Periodically review repository for freshness
Policy & Documentation Management
- Maintain/update policies, SOPs, standards
- Ensure alignment with actual practices and audit requirements
- Manage versioning, approvals, and distribution
Third-Party & Partner Audit Support
- Coordinate TPSA/TPRS and partner audits
- Manage security questionnaires and due diligence
- Act as SPOC for auditors and internal teams
Risk & Finding Management
- Maintain central risk & findings register (audits, VAPT, reviews)
- Track remediation, flag high-risk/aged items, escalate
- Support risk assessment and prioritization
VAPT & Technical Audit Support
- Coordinate VAPT for cloud, APIs, mobile apps
- Track findings, drive closure, validate remediation
- Maintain VAPT history and reporting
Qualifications
- Bachelor's in Computer Science / IT / Information Security or related field
- 2–5 years' experience in InfoSec, IT audit, GRC, or compliance, preferably in regulated fintech/financial services
- Hands-on exposure to at least 2–3 frameworks: ISO 27001, PCI-DSS, RBI IS, SEBI, IRDAI
- Experience in external audit coordination and evidence management
- Proficiency with Excel/Sheets, Confluence, Jira, or GRC/project tools
Preferred
- Working knowledge of AWS security (IAM, VPC, logging, security groups)
- Understanding of application security, VAPT lifecycle, vulnerability management
- Exposure to third-party/vendor risk assessments
- Certifications (ISO 27001 LA/LI, CISA or equivalent) are a plus
- Experience in multi-regulatory compliance environments strongly preferred
Key Skills & Competencies
- Audit & Compliance Acumen: Ability to interpret regulations, map to controls, and collect relevant evidence
- Structured Tracking: Able to manage & prioritise concurrent audit activities without dropping threads
- Attention to Detail: Precise in documentation, evidence labelling, & artefact quality
- Stakeholder Communication: Confidently engages with internal teams and external auditors
- Process Discipline: Adheres to structured timelines, escalation paths, and documentation standards
- Problem Solving: Identifies gaps, anticipates audit risks, and drives practical remediation
Role Positioning & Expectations
What this role is
- Execution-heavy, high operational ownership across audits
- High visibility with direct CISO exposure
- Strong learning curve across India's fintech regulatory landscape
- Accountable for timelines, quality, and compliance outcomes