Location: Gurgaon (Work from Office)
Experience: 4-6 years
Reporting to: Founder / Engineering Leadership
About Infra360.io
Infra360.io is a cloud, DevOps, and infrastructure services company helping fast-growing startups and enterprises build secure, scalable, and compliant cloud platforms across AWS, Azure, and GCP.
As our clients mature, security and compliance are becoming critical enablers for growth, enterprise sales, and trust.
We are looking for an Information Security & Compliance Engineer (GRC) who can own day-to-day compliance execution and work closely with engineering and client teams.
Role Overview
This is a hands-on execution role, not a purely advisory or audit-only position.
You will be responsible for implementing, maintaining, and supporting multiple security compliance programs while collaborating with DevOps, SRE, and client stakeholders.
Key Responsibilities
Compliance & Governance
Own and support compliance programs, including:
- ISO 27001 (ISMS)
- SOC 2 (Type I & II)
- HIPAA readiness
- PCI DSS (scope & coordination)
- GDPR (policies, DPIA, vendor risk)
- NIST CSF mappings
- Coordinate internal and external audits end-to-end
- Manage audit evidence collection and documentation
- Maintain risk registers and track remediation actions
Security Policies & Documentation
Draft, update, and maintain:
- Information Security policies
- Access control & IAM policies
- Incident response & BCP/DR documentation
- Ensure policies are practical and aligned with engineering workflows
Cloud & DevOps Collaboration
Work closely with DevOps/SRE teams to:
- Implement security controls in cloud environments (AWS/Azure/GCP)
- Review IAM, network security, logging, and monitoring controls
- Support DevSecOps initiatives (CI/CD security, secrets management)
Client & Stakeholder Interaction
- Respond to client security questionnaires (SIG, CAIQ, custom formats)
- Support sales and pre-sales teams on security and compliance discussions
- Coordinate with clients and vendors on security assessments
Required Skills & Experience
Must-Have
- 4-6 years of experience in Information Security, GRC, or Compliance
- Hands-on experience with ISO 27001 implementation
- Hands-on experience with SOC 2 Type I (Type II is a strong plus)
- Experience working with external auditors
- Strong documentation and communication skills
- Basic to intermediate understanding of cloud security concepts
Good-to-Have
- Exposure to HIPAA, PCI DSS, or GDPR
- Experience with AWS, Azure, or GCP environments
- Familiarity with NIST frameworks
- Experience in startups, SaaS, fintech, or cloud services companies
Certifications (Nice to Have)
- ISO 27001 Lead Implementer or Lead Auditor
- CISA / CISSP / CCSP (any one is a plus)
- PCI DSS Implementer (rare, strong advantage)
Who Will Be a Good Fit
- Hands-on and execution-focused
- Comfortable working in a fast-moving environment
- Able to collaborate with engineering teams
- Willing to learn and grow into a lead role over time
- Not afraid of audits, documentation, or client-facing discussions
Growth Opportunity
- Opportunity to grow into Security & Compliance Manager
- Play a key role in shaping infra360.io's security practice
- High exposure to enterprise clients and cloud-native environments