Security Compliance Specialist

We are seeking a skilled professional to take ownership of our security and compliance initiatives, contributing to the growth and success of our organisation.

The ideal candidate will own and execute end-to-end security audits and compliance initiatives across applications, infrastructure, and organisational processes. This role ensures that our systems, applications, and business operations are secure, compliant, and aligned with both internal policies and regulatory requirements.

The successful Security Lead will conduct technical assessments required by new clients, analyse and complete detailed cloud infrastructure security and compliance questionnaires, and assist in mapping customer security and regulatory requirements to internal controls. They will maintain documentation and templates for commonly requested assessment artefacts and manage and complete security questionnaires from clients, vendors, and partners.

This role requires collaboration with the IT security, legal, and procurement teams to address concerns identified in the security assessments, coordination with vendors to ensure their security practices meet company requirements, and policy development and maintenance of internal security policies and procedures related to vendor assessments and third-party risk management.

The Security Lead will identify security risks within the company's IT infrastructure, applications and services, assess potential risks posed by vendors or partners during onboarding, and ensure compliance with security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks.

Key Responsibilities:

• Conduct technical assessments required by new clients
• Analyse and complete detailed cloud infrastructure security and compliance questionnaires
• Assist in mapping customer security and regulatory requirements to internal controls
• Maintain documentation and templates for commonly requested assessment artefacts
• Manage and complete security questionnaires from clients, vendors, and partners
• Identify security risks within the company's IT infrastructure, applications and services
• Assess potential risks posed by vendors or partners during onboarding
• Ensure compliance with security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks
• Collaborate with the IT security, legal, and procurement teams to address concerns identified in the security assessments
• Coordinate with vendors to ensure their security practices meet company requirements
• Develop and maintain internal security policies and procedures related to vendor assessments and third-party risk management
• Prepare detailed reports summarising findings from security assessments and risk analysis
• Provide recommendations to improve security measures and compliance
• Educate internal staff and external partners about security best practices and compliance requirements
• Support pre-sales and onboarding teams with timely delivery of assessment documentation

Requirements:

• Bachelor's degree in computer science, Information Security, Data Science, or a related field
• 5+ years of experience working with Audit/compliance, application security assessments, AWS cloud security preferably BFSI domain
• 2+ yrs. of experience on AWS cloud security and risk assessments
• Strong exposure to AWS cloud infrastructure (Guard Duty, security hub, inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc.)
• Familiarity with secure coding practices, vulnerability management, and threat modelling
• Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients
• Familiarity with information security standards such as ISO 27001, SOC 2, RBI cybersecurity framework
• Strong understanding of data protection, encryptions methodologies
• Strong written and verbal communication skills to liaise with technical and non-technical stakeholders
• Ability to interpret and explain security configurations and policies in layman's terms
• Experience with security controls, vulnerability scanning tools (e.g., Nessus, wire shark), or SIEM
• Exposure with security tools such as network firewall, IPS/IDS is plus

Personality Traits:

• Security-first mindset – Committed to protecting data and ensuring system integrity
• Builder's DNA – Goes beyond assessment to think proactively about potential risks
• Mentor & Leader – Invests in growing people as well as systems
• Sharp problem-solver – Brings clarity and structure to complex issues
• Bias for action – Values timely execution, grounded in solid design
• Owner mentality – Takes pride in delivering reliable, secure systems
• Quick learner – Keeps pace with evolving threats and security trends
• Highly disciplined – Detail-oriented with strong follow-through

About Us:

We are a leading organisation in the industry, committed to delivering innovative solutions and exceptional customer service. Our team is passionate about making a positive impact and is dedicated to excellence in everything we do.