Senior Compliance Analyst

Signzy is a digital trust system. We provide identification, background checks, forgery detection and contract management systems which enable contracting in a trustable, safe, legal, and convenient manner. Our biometric user authentication system and blockchain-based digital trail ensure non-repudiation. This increases compliance and enforceability in the court of law. We consist of a tech-savvy team and are backed by investors who are enthusiastic about creating solutions with technology. Working at Signzy ● At Signzy we breathe software and exploit the latest technologies to create the most amazing products. We comprise a tech-savvy team and are backed by investors who are enthusiastic about creating solutions using technology. ● Signzy is looking for an Compliance Analyst. If you think you have what it takes to get the job done, this is an invitation to be a part of the future JD for role of Compliance Analyst - II Responsibilities - Development, implementation, and management of security policies, standards, guidelines, and procedures to ensure the ongoing improvement and maintenance of security posture in line with ISO 27001, SOC2 Type 2, PCI DSS etc., - Understand technical implementation details necessary to assess general and situational Information Security risk. - Coordinate with multiple teams across the organization for the Audits - Lead the Third Party Risk Management audits conducted by Banks and other Authorities - Closely interact and work with Clients[Banks, Fintechs etc] in ensuring smooth audit process and TPRM - Coordinate internal and external audits, ensuring timely collection of artifacts and responses. - Manage the end-to-end vendor/partner onboarding risk process - due diligence, risk assessment, contract compliance, and continuous monitoring. - Maintain and improve the enterprise GRC framework aligned to ISO 27001/27701, SOC 2, PCI-DSS - Support risk assessments (operational, cyber, privacy) and maintain risk registers. - Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks. - Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53) - Understanding of security best practices (Password security, device security etc) in the context of Security Training and Awareness - Conduct internal control testing and compliance reviews across infrastructure, applications, and processes. - Establishing appropriate levels of security controls, systems monitoring, and security audits. - Assisting in the security engineering team with prioritizing patches and security fixes. - Improve controls for internal systems, processes, and policies. - Support the execution of multiple audit programs internally and externally. - Provide clear expectations and direction to security and engineering teams on audit requirements. Requirements Must Have - 3+ years of proven experience in information security, audit, compliance, risk assessment, and management. - Hands-on experience in managing and driving security compliance mainly ISO 27001, PCI DSS, Data Localization and Bank Audits - Ability to prioritise, manage, and deliver on multiple projects simultaneously and partner with management in support of key initiatives and projects. - Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc. - Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences. - In-depth understanding of the regulatory requirements and trends in the FinTech domain. - Ability to communicate to management, technical, and non-technical persons about the risk associated with the business. - Defining and maintaining the policies as per ISMS framework - Monitor third-party risk assessments and assist in performing internal risk assessments. Good to Have - Certifications such as ISO27001 Lead Auditor/Implementer - CISA/CISM certification would be a plus - Ability to use basic automation/scripting (Python, SQL) for evidence collection. - Experience with SIEM/SOC outputs to validate alerts as audit evidence. - Knowledge of data governance/DLP tools. - Awareness of AI/ML governance and evolving regulatory frameworks. - Skills in continuous compliance (CI/CD, IaC scanning). - Well-versed with data security and data privacy. - Strong team player, but can work and execute independently - Brilliant written, verbal communication, and interpersonal skills