Security and Compliance Analyst

2 weeks ago


Bengaluru, India Anumana Full time

Position: Security and Compliance Analyst
Experience Range: 2 to 4 yrs
Job Location: Bangalore
Work Mode: Hybrid (3 days in the office, 2 days remote)

Job Summary

Anumana is seeking a detail-oriented and proactive Security and Compliance Analyst to ensure our organization’s adherence to international security standards and regulatory requirements. The successful candidate will play a key role in the development, implementation, and continuous improvement of Anumana's Information Security Management System (ISMS) in compliance with ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.

This role involves close collaboration with multiple departments—HR, Legal, IT, Engineering, and Quality/Regulatory teams—to maintain a robust security and compliance posture. The Security and Compliance Analyst will also be responsible for managing third-party risk assessments, ensuring compliance with global privacy regulations (such as GDPR), and supporting the overall Information Security Program.

Key Responsibilities

Compliance Management
- Maintain and continuously improve the Information Security Management System (ISMS) to comply with ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
- Coordinate with the Quality and Regulatory team to align security controls with ISO 13485 requirements for medical device software.
- Develop and update policies, procedures, and documentation necessary for maintaining certification status.
- Conduct internal audits and prepare for external audits, ensuring that all necessary evidence is documented and accessible.

Cross-Department Collaboration
- Work closely with HR, Legal, IT, Engineering, and other departments to ensure that information security requirements are consistently integrated across the organization.
- Provide guidance on security and compliance matters, including secure practices, policy enforcement, and risk mitigation.
- Assist in the development of training materials and conduct regular security awareness sessions for staff.

Third-Party Risk Management
- Respond to third-party risk management questionnaires, ensuring that external parties meet Anumana’s security standards.
- Perform risk assessments on vendors, suppliers, and partners, evaluating their adherence to security requirements.
- Maintain and update a database of third-party risk assessments and ensure regular monitoring of vendor compliance.

Privacy and Confidentiality Management
- Monitor and enforce privacy compliance across the organization, focusing on GDPR, CCPA, and other relevant global data protection regulations.
- Track data protection incidents and coordinate response and remediation activities.
- Work with Legal and HR teams to ensure confidentiality agreements are properly managed and enforced.

Security Program Oversight
- Support the overall information security program by conducting risk assessments, tracking key performance indicators (KPIs), and managing security metrics.
- Develop and maintain security policies, standards, and guidelines based on best practices and relevant frameworks.
- Monitor and assess compliance with organizational policies, industry standards, and applicable regulations.
- Identify areas of improvement in security controls and recommend mitigation strategies.

Audit Preparation & Evidence Management
- Gather, organize, and maintain documentation of control evidence required for internal and external audits.
- Track audit findings, follow up on remediation actions, and ensure they are completed on time.
- Prepare reports summarizing compliance activities, audit results, and risk assessments for management review.

Qualifications

Required:
- Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent experience).
- 2+ years of experience in information security, compliance, risk management, or related fields.
- Strong understanding of ISO/IEC 27001, ISO/IEC 27002, and ISO 13485 standards.
- Experience with information security frameworks (e.g., NIST, HITRUST) and best practices.
- Knowledge of data protection regulations, including GDPR, CCPA, and other privacy laws.
- Ability to respond to third-party risk assessments and manage vendor compliance.
- Familiarity with GRC (Governance, Risk, and Compliance) tools and methodologies.

Preferred:
- Professional certifications such as CISSP, CISM, CRISC, CCSK, or ISO/IEC 27001 Lead Auditor/Implementer.
- Experience working in the medical device or healthcare sector, with familiarity in Software as a Medical Device (SaaMD).
- Knowledge of security assessment tools and vulnerability management practices.
- Understanding of secure software development and DevSecOps practices.

Skills:
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication skills, with the ability to present complex information clearly to technical and non-technical stakeholders.
- Highly organized, with strong project management skills and the ability to prioritize tasks effectively.
- Demonstrated ability to work collaboratively with cross-functional teams.



  • Bengaluru, India Simeio Solutions Full time

    About the Role: The Senior Security Analyst in Compliance and Audit is responsible for ensuring the organization meets and maintains compliance with key security frameworks such as ISO27000, ISO27001/18, CSA, SOC2, and ISO27701. This role includes managing the audit lifecycle, overseeing policy and contract governance, and ensuring compliance across all...


  • Bengaluru, Karnataka, India Simeio Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    About the Role: The Senior Security Analyst in Compliance and Audit is responsible for ensuring the organization meets and maintains compliance with key security frameworks such as ISO27000, ISO27001/18, CSA, SOC2, and ISO27701. This role includes managing the audit lifecycle, overseeing policy and contract governance, and ensuring compliance across all...

