Bangalore, Karnataka, India
Information Technology
Full-Time
42 Gears Mobility Systems

Overview
Bengaluru, India Full Time
Relevant Experience: Freshers
Job Description
The Information Security and Compliance Analyst will be a member of the information security team and assist with a wide range of information security tasks, including, but not limited to, ISMS policy, SOC2 compliance procedure creation and improvement, and technical controls auditing and review. As part of this position, the successful candidate will work closely with teams across the organization, including HR, accounting, administration, IT, and engineering, to ensure our standards are both sufficient to maintain our security posture and adhered to by all parts of the organization.
Responsibilities
- Assist in supporting compliance reviews, certifications, and accreditations (e.g., ISO27001, SOC2, GDPR, etc.) under guidance and supervision.
- Enhance risk and compliance strategy in alignment with internal controls, audit, and business requirements and objectives.
- Review, assess, and document current internal controls.
- Translate regulatory requirements into a unified collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
- Facilitate client assessments.
- Collaborate with engineering, product, and cloud teams to ensure security compliance and continually improve processes.
- Facilitate internal & external audits and conduct reviews to verify compliance.
- Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective stakeholders.
- Manage security incidents and take appropriate corrective actions.
- Define risk and compliance metrics and provide monthly reporting to management, including gaps in policy and proposed resolutions.
- Maintain a risk register and manage risk mitigation plans.
- Frequently update domain knowledge by tracking incoming regulations, maintaining knowledge of relevant frameworks and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations, and obtaining relevant certifications.
- Conduct training on information security awareness for new joiners.
Experience & Qualifications
- Must be a Graduate. Preferably in Computer Science / Computer Applications / Business Administration.
- Possesses excellent listening skills and is proficient in oral and written communications.
- Has a proven ability to work effectively in a loosely structured team environment that demands a high degree of cooperation, flexibility, teaming, cross-group collaboration, and real-time responsiveness.
- 0-1 years of experience in information security compliance, audit, and/or risk management in a technology environment.
- Experience facilitating external assessments, such as security audits or regulatory inquiries.
- Understanding of the VAPT process and capable of driving vulnerability management.
- Excellent written and verbal communication skills, with a willingness to learn and contribute to drafting policies and supporting awareness or training initiatives.
- Eagerness to understand complex and evolving requirements, with the ability to support in translating them into clear, actionable steps while working with cross-functional teams.
- Willingness to learn how to identify potential security and privacy risks, and support in suggesting practical solutions that align with the business needs.
- People-oriented with the ability to build relationships, persuade stakeholders, and manage conflict across a variety of functions and skill levels.
- Basic understanding of regulatory requirements relevant to tech companies (like GDPR, EU AI Act), and security frameworks such as OWASP SAMM is a plus.
- Knowledge of current and impending regulatory requirements applicable to technology organizations, such as GDPR and the EU Artificial Intelligence Act, is desirable.
- Willingness to learn and develop familiarity with application security control models, such as OWASP SAMM, is desirable.
- Identify control gaps and support remediation of findings.
- Ability to contribute to internal ISO 27001 assessments.
- Contribute to and achieve business and departmental goals and objectives.