Security Analyst – Compliance and Audit in Bengaluru, Karnātaka at Simeio

Overview

The Security Analyst – Compliance and Audit is responsible for supporting and maintaining the organization’s compliance posture across key security and privacy frameworks, including ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, CSA STAR, and SOC 2. This role plays a critical part in managing the audit lifecycle, coordinating compliance activities, and ensuring consistent implementation of controls across the Information Security Management System (ISMS).

The position includes ownership of the Business Continuity Management (BCM), and ongoing compliance monitoring across all ISMS domains. The analyst applies technical knowledge of operating systems, cloud platforms, cloud‑native architectures, and secure software development practices to assess control effectiveness and support compliance requirements throughout the Software Development Lifecycle (SDLC).

In addition, the role supports cyber maturity assessments and continuous improvement initiatives aimed at evaluating, strengthening, and advancing the organization’s overall security and compliance posture.

Key Responsibilities

• Audit Management
  Lead the technical preparation and execution of ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, CSA STAR, and SOC 2 audits, ensuring audit documentation, including IRLS and evidence are complete, accurate, and aligned with audit requirements.

• Business Continuity Management (BCM)
  Execute the annual Business Continuity Management lifecycle, including conducting Business Impact Analyses (BIA) and guiding teams to develop, maintain, and test appropriate Business Continuity and Disaster Recovery plans in alignment with ISO 22301.

• Privacy Information Management (ISO/IEC 27701 – PIMS)
  Maintain and operate the Privacy Information Management System (PIMS), including data minimization practices, Privacy by Design and Privacy Impact Assessments (DPIAs), maintenance of personal data inventories and data flows, definition of lawful basis and data retention requirements, oversight of third‑party processors, and support for data subject rights (DSARs) and privacy incident handling.

• External Audit Coordination
  Provide technical expertise and support during external audits, including evidence presentation, walkthroughs, and clarification of technical and operational controls.

• Control Monitoring and Continuous Improvement
  Support the monitoring, assessment, and continuous improvement of security and compliance controls across the ISMS, including Business Continuity Management, user access reviews, incident management, and privacy controls. Assist with compliance validation and control assessments within cloud environments.

• Policy Management
  Contribute to the review, update, and maintenance of security policies, standards, and procedures to ensure alignment with regulatory requirements, industry best practices, and audit expectations.

• Documentation and Reporting
  Maintain accurate and up‑to‑date documentation for compliance activities, audit findings, risk treatment actions, control implementations, and policy updates. Produce reporting artifacts required for internal governance and external audits.

Key Skills

• Strong knowledge of security, privacy and compliance frameworks, including ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27701, ISO 22301, CSA STAR, and SOC 2.

• Hands-on experience executing internal audits and supporting external audits, including information request lists (IRL) development, coordinating audit activities, preparing technical evidence, and responding to auditor inquiries.

• Comprehensive understanding of Information Security Management System (ISMS) domains, including Business Continuity Management (BCM), privacy, incident management, risk management, user access reviews, vendor and third‑party management, cloud security, and Secure SDLC practices.

• Policy development and governance, experience drafting, reviewing, updating, and aligning security policies, standards, and procedures to regulatory and compliance requirements.

• Effective communication skills, with the ability to clearly explain complex technical concepts, security controls, and audit findings to both technical and non‑technical stakeholders.

• Technical proficiency across infrastructure and cloud platforms, including operating systems (Windows and Linux), cloud environments (AWS, Microsoft Azure, and Oracle Cloud), and cloud‑native applications.

Why Simeio?: Simeio is a global managed services provider offering Identity and Access Management solutions delivered as a service and interoperable with leading IAM tools. With 700+ employees worldwide, Simeio secures over 160 million identities globally for large enterprises and government entities.

Services and solutions from Simeio include Customer Identity & Access Management, Privileged Access Management, Identity Proofing, Access Management & Federation, Identity Governance & Administration, Application Onboarding, and Simeio Identity Orchestrator. The company has been recognized for its business and technical leadership and highly rated by Gartner, Forrester, and KuppingerCole, and was ranked by Great Places to Work®. For more information visit simeio.com

Simeio is an equal opportunity employer. If you require assistance with completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to any of the recruitment team at recruitment@simeio.com or +1 404-882-3700.