967 Compliance Engineer jobs in India

About Skyhigh Security:

Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency.

Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack. Our industry-leading suite of products radically simplifies data security through easy-to-use, cloud-based, Zero Trust solutions that are managed in a single dashboard, powered by hundreds of employees across the world. With offices in Santa Clara, Aylesbury, Paderborn, Bengaluru, Sydney, Tokyo and more, our employees are the heart and soul of our company.

Skyhigh Security Is more than a company; here, when you invest your career with us, we commit to investing in you. We embrace a hybrid work model, creating the flexibility and freedom you need from your work environment to reach your potential. From our employee recognition program, to our ‘Blast Talks' learning series, and team celebrations (we love to have fun!), we strive to be an interactive and engaging place where you can be your authentic self.

The Role:

• You will serve as a critical member of the team who expertly blends technical security knowledge with strategic compliance management.
• You will be the primary driver of our corporate compliance program. This involves independently managing the full lifecycle of internal and external audits for key certifications like ISO 27001, SOC 2, FedRAMP, and PCI-DSS.
• You will handle audit preparation, coordinate with auditors, and meticulously gather all required evidence and documentation.
• You will take direct ownership of developing, maintaining, and communicating our Information Security Management System (ISMS) documentation and policies.
• You will ensure compliance is not an afterthought by actively reviewing operational controls and participating in IT change management. You will work directly with technical teams to integrate compliance requirements into their workflows and CI/CD pipelines.
• While compliance is the focus, you will leverage your security engineering knowledge to provide valuable insights. You will personally guide the secure design of systems and translate vulnerability findings into actionable, risk-based remediation plans that align with our compliance framework.

Qualifications:

• 5-10 years of combined experience IT Audit, IT Compliance, or a related Security Engineering role with a strong compliance focus. You are a seasoned professional with deep knowledge of industry-leading security principles and frameworks.
• Hands-on experience managing audits for multiple standards, particularly ISO 27001, SOC 2, or FedRAMP. You are an expert in independently gathering evidence and presenting a compelling case for certification.
• Ability to perform both analytical, compliance-focused work and technical, hands-on tasks when needed. Your exceptional analytical, documentation, and organizational skills allow you to manage complex projects with meticulous detail.
• Excellent communicator with a proven ability to convey complex technical and compliance issues to a wide range of audiences. You excel at collaborating with cross-functional teams to drive process maturity and operational efficiency, serving as a subject matter expert and trusted advisor.
• Familiar with cloud environments (e.g., AWS, Azure, GCP) and understand the role of DevOps tools (e.g., GitLab, Jenkins) in a modern security and compliance program. You are comfortable thriving in a fast-paced, evolving global environment.

Certivo turns regulatory evidence into market access. Our AI, CORA, automates supplier outreach, data extraction, and rule checks, then assembles market-ready packets mapped to every product × site × market. We pair automation with deep domain expertise so industrial manufacturers can meet sustainability expectations and regulatory requirements without slowing down launches.

The role

Own sustainability compliance outcomes for industrial customers. You will lead life cycle data collection, model LCAs, produce and maintain EPDs, manage packaging and producer-responsibility obligations, and stand up reporting workflows for enterprise programs. You will also encode your playbooks into CORA so evidence stays current as products, suppliers, and rules change.

Responsibilities

• Regulatory and program intelligence: track and interpret sustainability frameworks and owner/operator requirements relevant to industrial equipment and components; author applicability rationales and encode thresholds, scopes, and reporting triggers into CORA.
• CSRD (EU) readiness: lead double materiality pre-work for industrial manufacturers; map ESRS topics (with emphasis on E1 GHG , E2 Pollution , E5 Circular Economy , and relevant social/governance disclosures) to data owners, controls, audit trail, and product‑level links (EPD, packaging, WEEE/batteries touchpoints).
• CBAM (EU) enablement: define CBAM scope (HS codes), production routes, embedded emissions (direct/indirect), electricity mix, and precursors; collect supplier declarations, build calculation files, and manage transitional reporting and definitive‑phase data flows.
• EU Batteries Regulation: where in scope (e.g., energy storage, drives/controllers with batteries), build workflows for battery labeling , recycled content , performance/durability , safety , carbon footprint declaration , and battery passport data; coordinate QR/UID strategy and supplier attestations.
• ESPR / Digital Product Passport (DPP): design attribute sets (UID, material composition, recycled content, repairability/serviceability, software/firmware, documentation) and evidence linkages; pilot payloads and maintenance processes; define how engineering changes trigger DPP updates.
• Life cycle modeling and EPDs: plan and execute LCAs aligned to ISO 14040/44 and EN 15804+A2; produce EPDs under ISO 14025 and relevant PCRs; coordinate third-party review and program operator verification.
• Supplier data collection: run multilingual campaigns to collect material specs, process energy, yields and scrap, transport, packaging, CBAM inputs , battery passport attributes , and end‑of‑life assumptions; validate data lineage and quality; commission testing or certificates as needed.
• Packaging and producer responsibility: gather weights, materials, and labeling data; prepare declarations and filings for packaging EPR where applicable; manage bill of materials and labeling implications for industrial packaging.
• Product- and portfolio-level carbon: support Scope 3 Category 1 (purchased goods and services) data capture; build emission factor libraries and mapping to parts; maintain auditable calculation files.
• Reporting and submittals: assemble sustainability evidence packs for buyers, owners, and authorities; prepare materials for contractor submittals and owner/operator documentation.
• Automation and data quality: define quality gates, curate factor and dataset libraries, and partner with Product and AI to improve extraction accuracy and reduce false positives/negatives.
• Customer and auditor interface: present models, assumptions, and results; respond to auditor or buyer questions; drive remediation to closure.

Industrial sub-verticals you will support

• Test and Measurement / Instrumentation: product-level embodied carbon and packaging declarations; EPDs where applicable; VOC/PFAS claims alignment with materials teams.
• Systems and Controls (HVAC/Automation/Lighting): controller and actuator product families; luminaire component EPD linkages; packaging reporting.
• Electrical Enclosures, Panels, and Power Distribution: steel and aluminum content tracking, coatings, and packaging; EPDs or embodied-carbon summaries used in projects.
• PVF / Water and Fire Protection: valves, fittings, polymers and brass content; NSF/ANSI 61/372 coordination with sustainability claims; construction submittal evidence.
• Drives, Motors, and Motion: motor and drive LCAs and EPDs; efficiency labels linkage to sustainability evidence; packaging data.
• Utility/Facility Skids and Equipment: multi-product skid LCAs and documentation; owner/operator evidence packs and commissioning documentation.
• Data Center Infrastructure Components: embodied carbon summaries and EPDs where applicable; packaging reporting for high-volume shipments.
• On-site Power and Energy Storage: component-level embodied carbon and packaging reporting for gensets, BESS modules, cabinets, and switchgear; commissioning documentation.

Frameworks and programs you will touch (Exposure to all is not required)

• CSRD / ESRS (EU): double materiality, ESRS topic scoping (E1/E2/E3/E5 plus governance/social where relevant), data controls and audit trail, linkage to product‑level evidence (EPDs, packaging, WEEE/batteries).
• CBAM (EU): Regulation 2023/956 transitional reporting vs. definitive phase; HS code scoping; embedded‑emissions calculation files (direct/indirect), production routes, electricity mix, precursor accounting; quarterly reporting.
• EU Batteries Regulation: product labeling, performance/durability, safety documentation, recycled content and carbon‑footprint declarations, and battery passport data capture/maintenance (including QR/UID strategy).
• ESPR / Digital Product Passport (DPP): attribute design, payload pilots, governance for updates, and links to technical documentation.
• EPDs and LCA: ISO 14040/44; ISO 14025; EN 15804+A2; PCRs relevant to electrical, mechanical, and construction‑adjacent products; program operators such as UL, ASTM, NSF, EPD International.
• Carbon accounting: GHG Protocol Scope 1, 2, and 3 with emphasis on Category 1; emission factor sources and data‑quality documentation.
• Packaging and product stewardship: packaging EPR regimes; WEEE and EU Batteries Regulation where relevant to product lines; labeling and reporting basics.
• Market and buyer programs: contractor submittals; owner/operator requirements; Buy Clean ‑style requests for embodied carbon where applicable.
• Trade and market access touchpoints: data capture for mechanisms that require product or material emissions data where applicable (e.g., CBAM‑linked import declarations).

Must-have qualifications

• 4 to 8+ years in LCA, EPD, or sustainability program management within industrial, electrical, mechanical, or construction-adjacent manufacturing.
• Hands-on experience building cradle-to-gate LCAs and taking at least one EPD through third-party verification with a program operator.
• Strong BoM and process understanding; ability to translate engineering and sourcing data into life cycle inventory inputs and auditable models.
• Proficiency with at least one LCA tool (openLCA, SimaPro, GaBi, One Click LCA) and advanced spreadsheet skills; familiarity with emission factor datasets.
• Clear written and verbal communication; able to explain assumptions and results to engineers, buyers, and auditors.
• Process discipline: change control, documentation, and versioning of models and assumptions.

Nice-to-have

• Experience with packaging EPR reporting and data models for multi-market shipments.
• Familiarity with sustainability elements of construction product documentation (declarations, contractor submittals, owner/operator requirements).
• Exposure to organization-level carbon accounting and supplier engagement for Scope 3 data improvement.
• PLM/ERP experience (Windchill, SAP, Oracle, Arena) and basic SQL or scripting.
• Multilingual for supplier engagement.

How we work

• AI plus human: pair with CORA to automate requests, validation, and rule checks while you focus on modeling choices and edge cases.
• Ownership: measured on readiness, timeliness, and audit performance for named programs.
• Builder’s mindset: turn playbooks into reusable rule packs and product features.

Interview process

1. Intro (30 minutes): mutual fit and domain depth.
2. Technical deep dive (60 minutes): walk us through an LCA and EPD you owned, including data gaps and verification.
3. Practical exercise (90-minute take-home): given a short BoM and process brief, produce an applicability matrix, a data-collection plan, and a preliminary LCA boundary and assumptions document.
4. Panel (60 minutes): cross-functional scenario with Customer Success and Product.

Apply

Send your resume or LinkedIn and one or two relevant (redacted) LCA/EPD artifacts you authored to with subject “Compliance Engineer (Sustainability Compliance) ”

Experience range: 5+ years

Location: Bengaluru and Hyderabad

Position Summary

We are seeking a Senior Patch Compliance Engineer as part of a long-term patch compliance and remediation initiative. This role will be hands-on and technical , while also offering the opportunity to mentor and guide two additional engineers as part of a seven-member global team .

The primary focus is to deploy and validate OS, Office, and third-party patching solutions across enterprise endpoints using SCCM, Intune, Qualys, and PatchMyPC , with additional exposure to tools such as Nexthink, BigFix , and other industry-standard platforms. PowerShell scripting and automation are essential to succeed in this environment.

This role is ideal for a technically skilled professional with strong endpoint patching expertise, excellent scripting capabilities, and a proactive approach to continuous improvement and compliance operations.

• Key Responsibilities Lead and execute patch deployments across Windows OS, Microsoft Office, and third-party applications using SCCM, Intune, PatchMyPC , and related enterprise tools
• Create, enhance, and maintain PowerShell scripts to support automation of pre-patch and post-patch processes
• Validate deployment success, troubleshoot failed installations, and guide junior engineers through remediation efforts
• Collaborate closely with global team leads, architects, and security teams to align patching activities with compliance goals
• Monitor patching dashboards, perform queries, and provide real-time status reports on endpoint compliance and system health
• Help maintain process documentation and contribute to team playbooks for standardized patch workflows
• Actively support continuous optimization of patching strategies, particularly for third-party application patching , which is a critical focus
• Coordinate closely with broader platform teams to ensure accurate targeting and risk prioritization of patch cycles

• Required Qualifications 5+ years of experience in enterprise IT operations, endpoint management, or patch compliance engineering roles
• Proven expertise in SCCM and Intune , including package deployment, device targeting, and automation
• Strong hands-on experience with PowerShell scripting and automation for endpoint management
• Practical understanding of patching lifecycle , remediation best practices, and third-party software support
• Exposure to Qualys or equivalent vulnerability scanning platforms
• Strong troubleshooting skills and ability to work independently in a fast-paced enterprise setting
• Effective written and verbal communication skills in English, with experience in reporting and technical documentation
• Comfort working across remote, cross-functional teams, including U.S. and LATAM-based resources

• Preferred Qualifications Experience with PatchMyPC , Nexthink , BigFix , or similar endpoint compliance and analytics platforms
• Familiarity with Prisma Cloud or other enterprise security posture platforms (contextual understanding only; not day-to-day)
• Background working in a consultancy or large enterprise client delivery environment
• Knowledge of industry patching standards and secure configuration frameworks (e.g., CIS Benchmarks)
• Ability to provide informal mentorship and support to junior or peer-level engineers on the team

• Why Join Us? Play a central role in a high-impact patch compliance initiative for a Fortune 50 enterprise client
• Use your automation and scripting skills to help drive efficiency and measurable security outcomes
• Join a globally distributed team solving real-world compliance challenges across 200K+ endpoints
• Gain valuable exposure to modern patching and compliance platforms in a collaborative, remote-first setting

• Bachelor's or Master's degree in Statistics, Mathematics, Finance, Economics, or a related quantitative field.
• Minimum of 5 years of experience in risk assessment, preferably within the insurance industry.
• Proven expertise in statistical modeling, data analysis, and risk management methodologies.
• Proficiency in data analysis tools and programming languages such as Python, R, SAS, or SQL.
• Strong understanding of insurance products, markets, and regulatory environments.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional written and verbal communication skills, with the ability to articulate complex concepts clearly.
• Ability to work independently and as part of a remote team, demonstrating strong organizational and time management skills.
• Experience with specific insurance risk management software is a plus.

• Perform actuarial valuations and analysis for various insurance products (life, health, general).
• Develop, test, and implement pricing models and reserving methodologies.
• Analyze statistical data to assess risk and predict future claim costs.
• Assist in the development and maintenance of financial projections and solvency requirements.
• Collaborate with actuaries, underwriters, and product managers to support product development and strategy.
• Prepare regulatory filings and reports, ensuring compliance with industry standards.
• Use actuarial software and programming tools (e.g., SQL, Python, R, Prophet) for data analysis and modeling.
• Stay current with actuarial standards of practice, regulations, and industry trends.
• Communicate complex actuarial concepts and findings to non-technical stakeholders.
• Contribute to the continuous improvement of actuarial processes and methodologies.
• Support internal and external audits related to actuarial data and models.
• Mentor junior analysts and provide guidance on actuarial techniques.

• Bachelor's degree in Actuarial Science, Mathematics, Statistics, or a related quantitative field.
• Progress towards actuarial exams (e.g., ACET, IFoA, SOA/CAS) is strongly preferred.
• 2-5 years of experience in the insurance or actuarial field.
• Proficiency in actuarial modeling software and databases.
• Strong analytical, quantitative, and problem-solving skills.
• Excellent written and verbal communication skills.
• Familiarity with insurance products and regulatory requirements.
• Proficiency in Microsoft Excel and SQL is required. Experience with programming languages like Python or R is a plus.
• Ability to work effectively both independently and as part of a team.
• Attention to detail and commitment to accuracy.

About Client:

Our client is a global digital solutions and technology consulting company headquartered in Mumbai, India. The company generates annual revenue of over $4.29 billion (₹35,517 crore), reflecting a 4.4% year-over-year growth in USD terms. It has a workforce of around 86,000 professionals operating in more than 40 countries and serves a global client base of over 700 organizations.

Job Type: C2H

Role: Senior Infrastructure Security & Compliance Engineer

Experience: 8-12y

Work Location:Bangalore

Payroll on : People Prime World Wide

Notice :0-15days

Job Description:

Senior Infrastructure Security & Compliance Engineer (Zero-Touch GPU Cloud – GitOps-Driven Compliance & Resilience)

We are seeking a Senior Infrastructure Security & Compliance Engineer with 10+ years of experience in infrastructure and platform automation to drive the Zero-Touch Build, Upgrade, and Certification pipeline for our on-prem GPU cloud environment. This role is focused on integrating security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack, spanning hardware → OS → Kubernetes → platform layers.

Key Responsibilities

• Design and implement GitOps-native workflows to automate security, compliance, and backup validation as part of the GPU cloud lifecycle.
• Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.
• Automate kube-bench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).
• Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.
• Deploy and manage Velero to automate backup and disaster recovery operations for Kubernetes workloads.
• Ensure that all compliance, scanning, and backup logic is declarative and auditable through Git-backed repositories.
• Collaborate with infrastructure, platform, and security teams to define security baselines, enforce drift detection, and integrate automated guardrails.
• Drive remediation automation and post-validation gates across build, upgrade, and certification pipelines.
• Monitor evolving security threats and ensure tooling is regularly updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

• 10+ years of hands-on experience in infrastructure, platform automation, and systems security.
• Primary key skills required are Python/Go/Bash scripting, OPA Rego policy writing, CI integration for Trivy & kube-bench, GitOps
• Strong knowledge and practical experience with:
• Trivy for container, filesystem, and configuration scanning
• kube-bench for Kubernetes CIS benchmark compliance
• Velero for Kubernetes-native backup and disaster recovery
• OPA/Gatekeeper for policy-as-code and admission control
• Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and how to integrate security tools declaratively.
• Proven experience automating security, compliance, and backup validation in CI/CD pipelines.
• Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.
• Familiarity with vulnerability management lifecycles and security risk remediation strategies.
• Experience with Linux systems administration, OS hardening, and secure bootstrapping.
• Proficiency in scripting languages such as Python, Go, or Bash for automation and tooling integration.
• Bonus:
• Experience with SBOMs, image signing, or container supply chain security
• Exposure to regulated environments (e.g., PCI-DSS, HIPAA, FedRAMP)
• Contributions to open-source security/compliance projects

• Seniority Level
• Mid-Senior level
• Industry
• IT Services and IT Consulting
• Software Development
• Employment Type
• Contract
• Job Functions
• Information Technology
• Skills
• Infrastructure Security
• Compliance Engineering

• Analyze insurance applications to assess risks and exposures.
• Determine the eligibility of applicants and set appropriate terms, conditions, and premiums.
• Develop and maintain a thorough understanding of various insurance products and market trends.
• Communicate effectively with agents, brokers, and policyholders to gather information and explain underwriting decisions.
• Ensure compliance with company policies, procedures, and regulatory guidelines.
• Review and manage a portfolio of existing policies, making adjustments as necessary.
• Collaborate with the claims department to provide underwriting insights on complex cases.
• Contribute to the development and refinement of underwriting guidelines and strategies.
• Mentor and train junior underwriters.

• Bachelor's degree in Finance, Economics, Business Administration, or a related field.
• Extensive experience as an Insurance Underwriter, with a specialization in a specific line of insurance (e.g., property, casualty, life).
• Strong knowledge of underwriting principles, risk assessment techniques, and insurance regulations.
• Excellent analytical, quantitative, and decision-making skills.
• Proficiency in underwriting software and Microsoft Office Suite.
• Strong negotiation and communication skills.
• Ability to work independently and as part of a team.
• Relevant professional designations (e.g., CPCU, AU) are highly desirable.