
SDG Corporation•12d ago
Naukri
IT Compliance and Security Analyst
Noida
Senior Level
Qualifications & Requirements
Experience Level: Senior Level
Full Job Description
About the Role
SDG Corporation is seeking a dedicated IT Compliance and Security Analyst for our Noida office. This pivotal role involves ensuring our IT infrastructure, policies, and processes align with critical regulatory and industry security standards. You will be instrumental in conducting comprehensive risk assessments, managing audits, rigorously enforcing security policies, and proactively mitigating potential vulnerabilities to safeguard our organizational assets.
Key Responsibilities
IT Compliance & Risk Management
- Champion adherence to IT security compliance frameworks including SOC 2, ISO 27001, NIST, HIPAA, and GDPR.
- Perform detailed risk assessments and gap analyses to identify compliance risks and develop effective mitigation strategies.
- Contribute to the development, implementation, and ongoing maintenance of robust IT security policies and procedures.
- Stay abreast of the latest compliance regulations and evolving security best practices.
- Manage and ensure compliance with key frameworks such as SOC 2, ISO 27001, NIST, and GDPR (as applicable).
- Coordinate and support internal and external audits.
- Track and remediate audit findings and identified compliance gaps.
- Maintain comprehensive evidence repositories for audit purposes.
- Review user access provisioning and de-provisioning processes to ensure adherence to the principle of least privilege and segregation of duties.
- Conduct periodic access recertification reviews.
Security Monitoring & Incident Response
- Review security alerts and investigate potential threats or security incidents.
- Support incident response activities, including forensic analysis, reporting, and the development of mitigation plans.
- Collaborate with IT teams to ensure the effective implementation and maintenance of security controls.
- Work closely with Security Operations Center (SOC) and IT teams to ensure security controls are implemented as required.
- Leverage knowledge of security tools such as EDR, SIEM, DLP, and MFA from a compliance perspective.
- Ensure endpoint, server, and network hardening standards are consistently followed.
- Support vulnerability management and patch compliance tracking efforts.
Audit & Documentation
- Lead internal and external security audits from an IT perspective, including evidence collection, audit coordination, and tracking to closure.
- Maintain accurate records and documentation related to security controls, compliance reports, and risk assessments.
- Liaise effectively with stakeholders, ensuring diligent follow-up until issues are fully resolved or mitigated.
- Employ a 360-degree approach to identify and prioritize required evidence, aiming for First Time Right (FTR) submission.
- Ensure all compliance tasks are completed punctually and tracked meticulously, preventing delays or breaches that could lead to non-compliance.
- Track audit findings and ensure timely remediation of identified gaps.
- Conduct rigorous follow-ups on all ongoing tasks, aiming for 100% on-time delivery and providing timely updates to stakeholders.
Vendor & Third-Party Compliance
- Ensure vendor contracts align with IT security policies and regulatory requirements.
A strong technical understanding of IT infrastructure compliance requirements is essential to ensure adherence to compliance standards and processes.
Qualifications & Skills
- Minimum of 5 years of experience in IT compliance, risk management, or audit functions.
- Demonstrated ability to articulate past role experiences to showcase capabilities relevant to this position.
- Proficiency with security frameworks such as ISO 27001, SOC 2, NIST, GDPR, HIPAA, or PCI-DSS.
- Proven experience with IT governance, risk assessment, and regulatory compliance.
- Excellent analytical, problem-solving, and communication skills.
- Relevant certifications such as CISA, CEH, or Security+ are advantageous.
Preferred Skills
- Familiarity with security tools including SIEM, vulnerability scanners, patch management, and endpoint protection.
- Experience in cloud security compliance (AWS, Azure, GCP).
- Understanding of Data Loss Prevention (DLP) and Identity & Access Management (IAM).
- Ability to collaborate effectively with IT, Legal, and business teams.
Key Skills Summary
- Strong analytical and documentation skills
- Excellent stakeholder communication
- Internal and external audit coordination experience
- Risk-based thinking
- Process improvement mindset
- Ability to work independently