Security and Compliance Analyst
3 weeks ago
Position: Security and Compliance Analyst
Experience Range: 3 to 5 yrs
Job Location: Bangalore
Work Mode: Hybrid (3 days in the office, 2 days remote)

Job Summary

Anumana is seeking a detail-oriented and proactive Security and Compliance Analyst to ensure our organization’s adherence to international security standards and regulatory requirements. The successful candidate will play a key role in the development, implementation, and continuous improvement of Anumana's Information Security Management System (ISMS) in compliance with ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.

This role involves close collaboration with multiple departments—HR, Legal, IT, Engineering, and Quality/Regulatory teams—to maintain a robust security and compliance posture. The Security and Compliance Analyst will also be responsible for managing third-party risk assessments, ensuring compliance with global privacy regulations (such as GDPR), and supporting the overall Information Security Program.

Key Responsibilities

Compliance Management
- Maintain and continuously improve the Information Security Management System (ISMS) to comply with ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
- Coordinate with the Quality and Regulatory team to align security controls with ISO 13485 requirements for medical device software.
- Develop and update policies, procedures, and documentation necessary for maintaining certification status.
- Conduct internal audits and prepare for external audits, ensuring that all necessary evidence is documented and accessible.

Cross-Department Collaboration
- Work closely with HR, Legal, IT, Engineering, and other departments to ensure that information security requirements are consistently integrated across the organization.
- Provide guidance on security and compliance matters, including secure practices, policy enforcement, and risk mitigation.
- Assist in the development of training materials and conduct regular security awareness sessions for staff.

Third-Party Risk Management
- Respond to third-party risk management questionnaires, ensuring that external parties meet Anumana’s security standards.
- Perform risk assessments on vendors, suppliers, and partners, evaluating their adherence to security requirements.
- Maintain and update a database of third-party risk assessments and ensure regular monitoring of vendor compliance.

Privacy and Confidentiality Management
- Monitor and enforce privacy compliance across the organization, focusing on GDPR, CCPA, and other relevant global data protection regulations.
- Track data protection incidents and coordinate response and remediation activities.
- Work with Legal and HR teams to ensure confidentiality agreements are properly managed and enforced.

Security Program Oversight
- Support the overall information security program by conducting risk assessments, tracking key performance indicators (KPIs), and managing security metrics.
- Develop and maintain security policies, standards, and guidelines based on best practices and relevant frameworks.
- Monitor and assess compliance with organizational policies, industry standards, and applicable regulations.
- Identify areas of improvement in security controls and recommend mitigation strategies.

Audit Preparation & Evidence Management
- Gather, organize, and maintain documentation of control evidence required for internal and external audits.
- Track audit findings, follow up on remediation actions, and ensure they are completed on time.
- Prepare reports summarizing compliance activities, audit results, and risk assessments for management review.

Qualifications

Required:
- Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent experience).
- 3+ years of experience in information security, compliance, risk management, or related fields.
- Strong understanding of ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
- Experience with information security frameworks (e.g., NIST, HITRUST) and best practices.
- Knowledge of data protection regulations, including GDPR, CCPA, and other privacy laws.
- Ability to respond to third-party risk assessments and manage vendor compliance.
- Familiarity with GRC (Governance, Risk, and Compliance) tools and methodologies.

Preferred:
- Professional certifications such as CISSP, CISM, CRISC, CCSK, or ISO/IEC 27001 Lead Auditor/Implementer.
- Experience working in the medical device or healthcare sector, with familiarity in Software as a Medical Device (SaaMD).
- Knowledge of security assessment tools and vulnerability management practices.
- Understanding of secure software development and DevSecOps practices.

Skills:
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication skills, with the ability to present complex information clearly to technical and non-technical stakeholders.
- Highly organized, with strong project management skills and the ability to prioritize tasks effectively.
- Demonstrated ability to work collaboratively with cross-functional teams.
-
TAC Security
4 weeks ago
New Delhi, India TAC Security Full time
& Program Management
- Lead the full lifecycle of compliance programs from scoping and gap assessments to remediation, controls implementation, audit prep, and certification.
- Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards.
- Oversee the SOC 2 program: manage readiness assessments, control design,...
-
Governance, Risk, and Compliance Analyst
3 weeks ago
New Delhi, India Art Technology and Software Full time
Job Title: GRC Analyst
Position Summary: As a GRC Analyst, you will play a pivotal role in supporting and enabling Governance, Risk, and Compliance (GRC) operations across our cybersecurity services. Your primary focus will be to enhance risk management processes, strengthen compliance frameworks, and support strategic initiatives that drive the...
-
Compliance Analyst
3 weeks ago
New Delhi, India Phenom Full time
Job Description: We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards....
-
Compliance Analyst
2 weeks ago
New Delhi, India Phenom Full time
Job Description: We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards....
-
Compliance Analyst
3 weeks ago
New Delhi, India Phenom Full time
Job Description: We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards....
-
Governance, Risk, and Compliance Analyst
3 weeks ago
New Delhi, India Art Technology and Software Full time
Job Title: GRC Analyst
Position Summary: As a GRC Analyst, you will play a pivotal role in supporting and enabling Governance, Risk, and Compliance (GRC) operations across our cybersecurity services. Your primary focus will be to enhance risk management processes, strengthen compliance frameworks, and support strategic initiatives that drive the...
-
Security Analyst
3 weeks ago
New Delhi, India Shiv Nadar School Full time
Position Type: Full Time
Job Type: Experienced (2-4 years)
Location: Noida, Core Office
Job Title: Cyber Security Analyst
THE POSITION: A Cybersecurity Analyst is responsible for identifying, analyzing, and mitigating security threats to an organization's computer systems, networks, and data. They work to ensure the confidentiality, integrity, and availability...
-
Security Analyst
3 weeks ago
New Delhi, India Shiv Nadar School Full time
Position Type: Full Time
Job Type: Experienced (2-4 years)
Location: Noida, Core Office
Job Title: Cyber Security Analyst
THE POSITION: A Cybersecurity Analyst is responsible for identifying, analyzing, and mitigating security threats to an organization's computer systems, networks, and data. They work to ensure the confidentiality, integrity, and availability...
-
IT Security
2 weeks ago
New Delhi, India Genpact Full time
IT Security & Compliance Lead
Location: Hyderabad
Experience: 5-8 years
Only Immediate Joiners.
Responsibilities: IT Security, Compliance and Administration the Security/Compliance Analyst works in compliance with all written and approved policies, rules and regulations. This also includes the review and audit of all required data and evidences presented to...
-
Senior Compliance Analyst
1 week ago
New Delhi, India IBS Software Full time
Senior Compliance Analyst
Trivandrum Location
Conduct regular risk assessments and gap analyses to identify areas for improvement. Coordinate the SOC 1, SOC 2, SOC 3 audit process, liaising with external auditors and ensuring timely completion. Oversee PCI DSS assessments, ensuring adherence to Payment Card Industry Data Security Standards. Ensure...