
JobNob

Your Career. Our Passion.

Information Security Compliance Analyst - CISA/CISM/CISSP


Sumeru Global Technologies


Location

Bangalore | India


Job description

Job Brief: Compliance Analyst.

Responsibilities: What you'll do:

- Assist with the implementation and management of Client's common/unified controls framework.
- Work as a subject matter expert on the process to interpret compliance regulations such as ISO27001, SOC1, SOC2, NIST 800-53 and NIST 800-171 into actionable controls, with corresponding processes, policies, oversight.
- Ability to deep dive into the various Client control environments to develop technical understanding of control implementation, and articulate compliance implications to internal control owners and external audit functions.
- Build capabilities for automation of evidence and integration into GRC platforms.
- Work with external auditors on regulatory and compliance program audits and assessments.
- GRC and automation tooling API Integration: Collaborate with cross-functional teams to identify integration requirements and design solutions that connect our Technical Compliance platforms with third-party services, ensuring seamless data flow and functionality.
- Assist in the continuous effort of implementing and executing continuous monitoring activities to maintain a real-time conformance view for Client SaaS environments.
- Assess: Seek out opportunities to improve verification of controls compliance, such as through automation of tests.
- Assess: Evaluate, document, and communicate business risk in the context of control designs and gaps.
- Assess: Evaluate and assess the effectiveness of management, operational, and technical security controls.
- Assess: Conduct walkthroughs and audits to assess the adequacy of controls for adherence to established policies, procedures, business practices, and compliance with the Client Unified Controls Framework.
- Assess: Obtain and review evidence, ensuring audit conclusions are well documented and based on a complete understanding of the processes and risks.
- Monitor compliance-led initiatives against KPIs, managing project risks, stakeholders, and excellent project delivery.

Requirements: What we're looking for:

- Strong familiarity with risk management methodologies and common security controls frameworks, such as OX, ISO 27001, SOC I & II, NIST, CMMC, FedRAMP, etc.
- Experience with security compliance monitoring tools/solutions offered natively in AWS, SIEM tools, GRC platforms, vulnerability scanning tools and log analysis, PAM (Privileged Access Management), and other infrastructure security tools.
- Ability to clearly communicate technical issues to non-technical audiences and others with varying backgrounds.
- Experience in performing and/or participating in technical assessments in direct support of other I.- Security and Management Standards (such as NIST 800-53, FedRAMP/StateRAMP, SOC 2).
- Relevant professional certifications, such as CISA, CISM, CISSP, GCCC, ISO 27001 Auditor.
- Experience in cloud technologies, cloud deployment models (IaaS/PaaS/SaaS), and audit of cloud environments.
- Bachelor's degree in Engineering, Information Systems, Business or related disciplines; Master's preferred with 2+ years of experience at a Big 4 consulting firm or similar.
- 5+ years as a technical compliance specialist, preferably at a late-stage tech startup/newly-public company; along with 5+ years of experience as a technical manager preferred.
- Self-sufficient and self-motivated; capable of working with ambiguity in a dynamic environment.
- Outstanding written and verbal communication skills; will need to document policies and procedures, and articulate them well across all levels at Client.
- Strong collaboration and negotiation skills and demonstrated ability to manage multiple projects and priorities.
- Creative, business-first approach to GRC with CISA, CISM, CISSP and other certifications a plus.
- A detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments.

Must Haves:

- 5+ experience.

(ref:hirist.tech)

