More jobs:
Job Description & How to Apply Below
Information Security Compliance Analyst
Experience:
2 - 5 years
Location:
Hyderabad / Chennai - India (Hybrid)
Employment Type:
Full-Time, Permanent
Work Mode:
Hybrid
Reports To:
Head of IT
About the Role
Evon Sys is looking for a practical, technically aware Information Security Compliance Analyst to help strengthen and sustain our compliance programmes across ISO/IEC 27001:2022, SOC 2 Type II, and ISO/IEC 27701 Privacy Information Management System (PIMS).
This role sits at the intersection of compliance, engineering, Dev Ops, infrastructure, and IT operations. The successful candidate will translate control requirements into clear technical actions, work closely with engineers to implement those controls, and ensure the evidence we maintain is audit-ready, meaningful, and aligned with day-to-day operations.
This is not a tick-box compliance position. We are looking for someone who understands how security controls work in real environments and can make compliance practical, sustainable, and useful for the business.
Experience with AI-assisted development, AI-enabled security tooling, compliance automation, or AI governance will be a strong advantage.
Key Responsibilities
Bridge Compliance and Engineering
Act as the main point of coordination between Compliance and technical teams, including engineering, Dev Ops, infrastructure, cloud, and IT operations.
Translate ISO 27001, SOC 2, and ISO 27701 control requirements into practical technical specifications and implementation guidance.
Work with technical teams to design, implement, and validate controls across IAM, encryption, logging and monitoring, vulnerability management, network segmentation, and secure SDLC / CI/CD practices.
Embed compliance-by-design into architecture reviews, change management, new system onboarding, and cloud service evaluations.
Review technical evidence such as configuration exports, pipeline outputs, vulnerability scan results, log samples, access reviews, and monitoring records.
Support compliance automation through policy-as-code, CI/CD control gates, configuration baselines, evidence workflows, and continuous control monitoring. ISO/IEC 27001:2022 - Information Security Management
Support the implementation, operation, and continuous improvement of the Information Security Management System (ISMS).
Coordinate risk assessments, Statement of Applicability (SoA) reviews, Annex A control mapping, and risk treatment plans.
Prepare and maintain ISMS documentation, registers, procedures, evidence packs, and audit records.
Support internal audits, certification audits, surveillance audits, and follow-up actions with certification bodies.
Track nonconformities, observations, corrective actions, and improvement items through to timely closure.
SOC 2 Type II - Trust Services Criteria
Support the SOC 2 Type II audit lifecycle, from readiness assessment through evidence collection, auditor liaison, and report issuance.
Map applicable Trust Services Criteria to internal controls and maintain clear evidence of design and operating effectiveness.
Coordinate with technical control owners to ensure controls operate consistently throughout the audit period.
Maintain a year-round compliance posture through continuous control monitoring and structured evidence management.
ISO/IEC 27701 / PIMS - Privacy Information Management
Support the implementation and maintenance of the Privacy Information Management System as an extension of the ISMS.
Align privacy controls with GDPR, PDPA, CCPA, and other relevant multi-jurisdictional privacy requirements.
Maintain privacy records such as RoPA, DPIAs, cross-border transfer documentation, and privacy control evidence.
Work with Legal, Compliance, business, and technical teams to embed privacy-by-design into systems and processes.
AI-Assisted Compliance, Automation, and AIMS
Use AI-assisted tools such as Git Hub Copilot, Cursor, Claude, ChatGPT, or similar platforms to support compliance automation, dashboards, and evidence workflows.
Apply AI-enabled security or compliance tooling for monitoring, anomaly detection, log analysis, and control validation where appropriate.
Stay informed on emerging AI governance frameworks, including ISO/IEC 42001, the EU AI Act, and the NIST AI RMF.
Contribute to responsible AI practices, AI-assisted development controls, and internal governance guidance for secure and compliant use of AI tools.
What You Will Bring
Required Experience and Qualifications
ISO/IEC 27001:2022 Lead Implementer or Lead Auditor certification is mandatory.
Formal ISO/IEC 27701 training, implementation knowledge, or equivalent privacy management experience.
2-3+ years of hands-on experience supporting ISO 27001 and SOC 2 compliance programmes, including SOC 2 Type II audit support and auditor coordination.
Strong technical understanding of cloud platforms such as AWS, Azure, or GCP; networking; IAM; endpoint and server security; and modern Dev Ops practices.
Practical exposure to CI/CD pipelines, version control, containerisation,…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×