Diligent corporation•2h ago
Naukri

Senior Staff Security Governance & Compliance Analyst

Bengaluru
Full Time
Senior Level

Full Job Description

Senior Staff Security Governance & Compliance Analyst - Bengaluru

About the Role

We are seeking a proactive and automation-focused Compliance Engineer to join our Governance, Risk & Compliance (GRC) team in Bengaluru. This role is pivotal in managing the technical aspects of our compliance program. You will be responsible for designing and implementing systems that ensure continuous verification of our security controls, automate evidence collection, and maintain audit readiness.

This position sits at the intersection of security engineering and regulatory compliance. You will leverage advanced AI and agentic tools to transform manual, point-in-time audit processes into real-time, scalable assurance mechanisms. If you are passionate about evolving compliance from a reactive task into a proactive, engineering-driven discipline, this opportunity is ideal for you.

Key Responsibilities

Compliance Automation & Continuous Assurance

  • Design, build, and maintain automated pipelines for control testing across frameworks such as SOC 2 Type II and ISO 27001.
  • Develop scripts and integrations to continuously collect, validate, and store compliance evidence from cloud infrastructure, SaaS tools, CI/CD pipelines, and endpoint systems.
  • Implement AI and agentic tools, including LLM-based classification and autonomous agents, to interpret data, identify control deviations, and assist in drafting audit narratives, thereby minimizing manual effort.
  • Establish and manage a compliance-as-code library to ensure controls are versioned, testable, and auditable.

Frameworks & Audit Readiness

  • Serve as an internal subject matter expert for SOC 2 (Trust Services Criteria) and ISO 27001 / 27701 control mapping.
  • Maintain an up-to-date control inventory and evidence repository, ensuring readiness for external auditor reviews throughout the year.
  • Coordinate with external auditors during annual assessments, managing the preparation of evidence packs and auditor Q&A sessions.
  • Identify control gaps through automated gap assessments and collaborate with engineering and product teams for remediation.

GRC Programme Development

  • Contribute to the design and enhancement of the company's internal assurance program, including risk assessment methodologies and control effectiveness metrics.
  • Develop dashboards and executive-level reports to provide real-time insights into compliance posture across all frameworks.
  • Provide guidance on vendor and third-party risk assessments, including the automation of security questionnaires.
  • Stay informed about emerging regulations and integrate new requirements into the automation infrastructure.

Required Qualifications

Experience

  • A minimum of 5 years in information security, with at least 3 years dedicated to GRC, compliance engineering, or security assurance.
  • Proven experience in designing or operating a SOC 2 or ISO 27001 compliance program, including evidence collection and audit support.
  • Hands-on experience scripting with Python, NodeJS, or similar languages to interact with cloud APIs (AWS, GCP, Azure), SaaS platforms, or SIEM/log aggregation tools.
  • Experience integrating AI or ML tooling into operational workflows, including working with LLM APIs, prompt engineering, or building agentic pipelines.

Certifications (at least one required)

  • CISSP — Certified Information Systems Security Professional
  • CISA — Certified Information Systems Auditor
  • CISM — Certified Information Security Manager
  • ISO 27001 Lead Auditor or Lead Implementer
  • CompTIA Security+ or equivalent (acceptable as a secondary certification)

Technical Skills

  • Proficiency in Python for automation; familiarity with REST APIs, webhooks, and data pipelines.
  • Working knowledge of cloud-native security services such as AWS Config, AWS Security Hub, Azure Policy, and GCP Security Command Center, and their mapping to compliance controls.
  • Experience with GRC platforms like Vanta, Drata, Tugboat Logic, or OneTrust, and preferably extending them via API or custom integrations.
  • Understanding of IAM, encryption, logging, vulnerability management, and change management controls in a cloud-centric environment.

Preferred Qualifications

  • Experience building agentic workflows where AI systems autonomously gather evidence, test controls, and identify exceptions with minimal human oversight.
  • A background in a high-growth SaaS, fintech, or B2B technology company where compliance served as a commercial advantage.
  • Experience with Infrastructure-as-Code tools like Terraform and understanding of how policy guardrails integrate with deployment pipelines.

Company

Diligent corporation

Diligent Corporation is a leading provider of integrated GRC solutions.

Bengaluru
Posted on Naukri