Compliance Analyst

Evoke Technologies

India, Telangana, Hyderabad Full-Time On-site
Posted 7 hours ago Apply by May 6, 2026

Job Description

Job Title: GRC Analyst / GRC Specialist

Location: Hyderabad

Experience: 6 to 8 years


Job Summary


We are looking for a detail-oriented and proactive GRC professional with hands-on experience in SOC 2 Type 1 & Type 2, NIST CSF, NIST SP 800-53, CIS, GDPR, HIPAA, and ISO 27001.

The ideal candidate will support and lead governance, risk, and compliance initiatives to ensure audit readiness, regulatory compliance, and effective risk management across the organization.


Key Responsibilities

  • Lead and support the implementation, maintenance, and continuous improvement of information security compliance programs, with a focus on SOC 2 Type 1 & Type 2, NIST CSF, NIST SP 800-53, and ISO 27001.
  • Develop, review, and update security policies, procedures, and guidelines to align with applicable compliance frameworks and regulatory requirements.
  • Conduct risk assessments in coordination with cross-functional stakeholders against SOC 2, NIST, and ISO 27001 controls to identify gaps and improvement opportunities.
  • Prepare, compile, and manage audit documentation, evidence, and responses to ensure audit readiness and successful outcomes.
  • Contribute to enterprise risk assessments and business impact analysis (BIA) activities.
  • Maintain comprehensive documentation of security controls, compliance activities, remediation plans, and risk registers.
  • Prepare and present regular compliance status reports, key risk metrics, and identified issues to management and stakeholders.
  • Perform third-party risk assessments (TPRM) to evaluate vendor compliance with organizational security and privacy requirements.
  • Develop and maintain TPRM processes to monitor, assess, and mitigate risks associated with external vendors.
  • Ensure effective communication and documentation of third-party risk findings and remediation actions.
  • Assist in drafting, reviewing, and updating organizational governance, risk, and compliance policies and procedures.


Required Qualifications

  • Proven experience in GRC, Information Security, Risk, or Compliance roles.
  • Hands-on experience with SOC 2, NIST CSF, NIST SP 800-53, ISO 27001, and familiarity with CIS, GDPR, and HIPAA.
  • Strong understanding of risk management principles, audit processes, and control frameworks.
  • Experience supporting internal and external audits.
  • Excellent documentation, reporting, and communication skills.
  • Ability to work cross-functionally with IT, Security, Legal, and Business teams.


Preferred Qualifications

  • Certifications such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, or similar.
  • Experience with GRC tools (ServiceNow GRC, Archer, OneTrust, etc.).
  • SaaS, cloud, or regulated industry experience.
