3,687 Security Compliance jobs in India
Information Security Compliance Manager
Posted 4 days ago
Job Description
Key Responsibilities:
- Develop, implement, and maintain the organization's information security compliance program.
- Ensure adherence to relevant regulations, standards, and frameworks (e.g., ISO 27001, GDPR, HIPAA, NIST).
- Conduct regular internal security audits and assessments to identify compliance gaps and vulnerabilities.
- Develop and execute remediation plans for identified compliance issues.
- Manage external audits and certifications processes.
- Create and update security policies, procedures, and guidelines.
- Provide training and awareness programs on information security compliance to employees.
- Monitor and report on the status of compliance initiatives to senior management.
- Stay current with evolving security threats, vulnerabilities, and regulatory changes.
- Collaborate with IT, legal, and other departments to integrate security into business processes.
- Manage third-party risk assessments related to security compliance.
- Respond to security incidents from a compliance perspective.
- Develop and maintain incident response plans related to compliance breaches.
Qualifications:
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 7 years of experience in information security, with at least 3-4 years focused on compliance and risk management.
- In-depth knowledge of information security frameworks, standards, and regulations.
- Experience conducting security audits and gap analyses.
- Proficiency in risk assessment methodologies and tools.
- Excellent understanding of IT controls and security best practices.
- Strong analytical, problem-solving, and critical thinking skills.
- Exceptional written and verbal communication skills, with the ability to explain complex technical concepts.
- Relevant certifications such as CISSP, CISA, CISM, or CRISC are highly desirable.
- Ability to work independently and collaboratively in a fast-paced environment.
- Experience managing multiple compliance projects simultaneously.
This is a crucial role for an individual passionate about safeguarding sensitive information and ensuring the organization operates within a secure and compliant framework.
Information Security Compliance Officer
Posted 13 days ago
Job Description
Information Security Compliance Officer
Posted 15 days ago
Job Description
Responsibilities:
- Develop, implement, and manage information security policies, procedures, and standards to ensure compliance with relevant regulations (e.g., GDPR, CCPA, HIPAA, ISO 27001, SOC 2).
- Conduct regular security risk assessments and vulnerability analyses to identify potential threats and weaknesses.
- Oversee the implementation and maintenance of security controls to mitigate identified risks.
- Lead internal and external audits, ensuring preparedness and facilitating audit processes.
- Develop and deliver security awareness training programs to employees across the organization.
- Monitor security incidents and breaches, managing response and remediation efforts.
- Work closely with legal, IT, and other departments to ensure alignment on compliance strategies.
- Stay abreast of evolving regulatory requirements, industry best practices, and emerging security threats.
- Develop and maintain comprehensive documentation for compliance processes and controls.
- Manage third-party vendor risk assessments to ensure their compliance with security standards.
- Prepare and present compliance reports to senior management and relevant stakeholders.
- Conduct periodic reviews of security policies and procedures to ensure their continued effectiveness and relevance.
- Establish key performance indicators (KPIs) to measure the effectiveness of the information security program.
- Champion a culture of security awareness and compliance throughout the organization.
- Manage data privacy initiatives and ensure adherence to data protection regulations.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
- 5-8 years of experience in information security, with a strong focus on compliance, risk management, and governance.
- In-depth knowledge of information security frameworks such as NIST Cybersecurity Framework, ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA.
- Experience in conducting security risk assessments and developing remediation plans.
- Proven ability to manage audit processes and interact with auditors.
- Excellent understanding of security technologies and controls.
- Strong analytical, problem-solving, and organizational skills.
- Exceptional written and verbal communication skills, with the ability to communicate complex compliance requirements clearly.
- Ability to work independently in a remote environment and manage multiple priorities effectively.
- Relevant security certifications such as CISSP, CISM, CRISC, CGEIT, or CISA are highly desirable.
- Experience with GRC (Governance, Risk, and Compliance) tools.
- Demonstrated ability to influence stakeholders at all levels of the organization.
Information Security Compliance Lead
Posted today
Job Description
Location : Kolkata
Mode : Preferable WFO
Timing : US Shift
About the role:
We’re looking for a detail-driven Compliance Specialist to help lead our SOC 2 and ISO 27001 initiatives. You’ll manage audits, maintain policies, assess risks, and work cross-functionally to ensure our security and compliance framework stays robust and up to date.
Key Responsibilities
- Implement and manage SOC 2 and ISO 27001 controls; lead audits and maintain ISMS documentation.
- Create, review, and update security policies; drive organization-wide compliance awareness.
- Conduct risk assessments and manage remediation for security gaps.
- Work closely with IT, HR, Legal, and others; provide compliance training and support.
- Enhance controls, processes, and stay informed on evolving security standards.
Qualifications
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- 3–5 years of experience in compliance or information security.
- Hands-on experience with SOC 2 and ISO 27001 audits.
- Certifications such as ISO 27001 Lead Implementer/Auditor, CISA, CISM, or CISSP are a plus.
- Strong understanding of compliance frameworks, risk management, and security best practices.
Manager, Information Security & Compliance
Posted today
Job Description
About the Team
At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams.
Our mission: Protect what powers Navi - securely, compliantly, and confidently.
About the Role
Navi is looking for an Associate Manager II – Information Security to pilot key aspects of its group-wide information security and regulatory compliance program. This role involves interpreting and implementing information security and technology risks mandates from regulators such as RBI, IRDAI, SEBI, and NPCI, ensuring continuous tech compliance across all business units. You will collaborate closely with engineering, infrastructure, legal, and IT teams to establish and maintain robust security policies, frameworks, and controls. Additionally, the role includes conducting risk assessments, enabling audit readiness, managing third-party/vendor security audits, and driving awareness initiatives across the organization, while also representing Navi in internal and external forums when needed.
What We Expect From You
- As Navi operates in the regulatory space, this role requires interpreting and helping implement regulations related to cyber security by Reserve Bank of India (RBI), IRDAI and SEBI, as well as any other applicable regulatory guidance related to the service offerings issued by relevant institutions.
- Further to the point above, ensure on-going monitoring and tech-compliance with existing regulatory expectations across these dimensions
- Lead the Information security - GRC practice for Navi group level.
- Ensuring that information security principles, policies, frameworks, standards and controls are defined, implemented and managed effectively.
- Partner and collaborate extensively with cross-functional teams, such as Engineering, Infrastructure, IT, Legal, and help minimize information security risks
- Architect and deliberate on the solutions that are compliant with relevant regulatory cybersecurity requirements
- Conduct and review results of Technology Risk Assessment, recommending mitigation strategies to bring the Risk to appropriate levels
- Ensure readiness of the organization for internal and external audits by keeping all documents, evidences, ready
- If required, represent Navi in Board and Board Committee meetings, as well as in discussions with regulators
- Conduct Security awareness programs, train personnel on data security & privacy related processes and responsibilities
- Review / conduct Third Party Risk Assessments & Vendor assessments before onboarding
- Review security solutions / controls implemented by Tech / Engineering teams, controls at data center, cyber / information security incidents, IT BCP and DR drills, cloud security controls
- Identify and define Security KPIs including weekly, monthly reports and update Security Dashboards
Must Haves
- Minimum 7+ years of experience working in information security GRC
- Prior experience in the Fintech/Startup industry and knowledge of one of the regulatory compliances like PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline is preferred.
- Hands-on approach in solving complex security problems
- Experience with Information Security & Risk Management frameworks like ISO 27001, NIST SP 800-37, Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks
- Working knowledge of Cloud environments like AWS, GCP, Oracle cloud is beneficial
- Exposure to Agile methodologies, DevOps, Cloud technologies is beneficial
Soft Skills
- Ability to multitask and meet deadlines, and to prioritize in a highly dynamic work environment
- Ability to balance risk, potential impact, resourcing, business drivers, and timelines
- Excellent verbal and written communication skills
- Strong Product Thinking
- Strong problem solving
- Business acumen
- Technology grounding
- Strategic thinking
- Strong written and verbal communication skills with a talent for articulating.
Inside Navi
We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold - we’re building tech-first solutions that work at scale, with a strong customer-first approach.
Founded by Sachin Bansal & Ankit Agarwal in 2018, we are one of India’s fastest-growing financial services organisations. But we’re just getting started!
Our Culture
The Navi DNA
Ambition. Perseverance. Self-awareness. Ownership. Integrity.
We’re looking for people who dream big when it comes to innovation. At Navi, you’ll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If you’re driven to deliver real value to customers, no matter the challenge, this is the place for you.
We chase excellence by uplifting each other and that starts with every one of us.
Why You'll Thrive at Navi
At Navi, it’s about how you think, build, and grow. You’ll thrive here if:
- You’re impact-driven : You take ownership, build boldly, and care about making a real difference.
- You strive for excellence : Good isn’t good enough. You bring focus, precision, and a passion for quality.
- You embrace change : You adapt quickly, move fast, and always put the customer first.
Information Security Compliance Auditor
Posted today
Job Description
We are seeking a qualified and experienced ISO 27001 Auditor to assess, monitor, and improve our Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard. The ideal candidate will have a strong understanding of information security principles and best practices and will be responsible for performing internal audits, supporting certification audits, and ensuring continuous improvement of the ISMS.
Key Responsibilities:
- Plan, conduct, and report on internal audits of the ISMS as per ISO/IEC 27001 requirements.
- Identify non-conformities, risks, and improvement opportunities and follow up on corrective actions.
- Assist in maintaining ISO 27001 certification by ensuring compliance with applicable controls and standards.
- Provide guidance on the implementation and effectiveness of security controls across departments.
- Work closely with stakeholders to ensure risk assessments, asset management, and security policies are up to date.
- Support third-party audits and liaise with external auditors and certification bodies.
- Keep abreast of regulatory changes and developments in information security standards.
- Assist in training staff on ISO 27001 awareness and internal audit procedures.
- Document audit findings, prepare audit reports, and present results to management.
Requirements:
Education & Experience:
- Bachelor’s degree in Information Security, Computer Science, IT, or a related field.
- Minimum (2–5) years of experience in information security or compliance.
- Proven experience conducting ISO 27001 audits.
Certifications (preferred or required):
- Certified ISO/IEC 27001 Lead Auditor or Internal Auditor (e.g., PECB, IRCA, BSI, or equivalent).
- Other relevant certifications (CISA, CISSP, CISM) are a plus.
Information Security Compliance Analyst
Posted today
Job Description
We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards. The Security Compliance Analyst will be pivotal in maintaining certifications and ensuring Phenom remains compliant with frameworks such as ISO 27001 or SOC 2.
What You’ll Do
- Develop, implement, and maintain security policies, procedures, and controls to comply with regulatory and industry standards (e.g., SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, and others).
- Manage compliance initiatives, ensuring timely updates and certifications for applicable frameworks.
- Coordinate internal and external audits, including collecting evidence, managing documentation, and responding to auditor inquiries.
- Perform internal compliance assessments to identify gaps and recommend remediation strategies.
- Conduct regular risk assessments to identify processes, systems, and technology vulnerabilities.
- Collaborate with stakeholders to develop and implement mitigation strategies.
- Monitor compliance with security policies and standards, ensuring adherence across departments.
- Work closely with the sales, legal, and technical teams to respond to customer security questionnaires, RFPs, and due diligence requests.
- To streamline responses, maintain a library of frequently requested documentation, such as certifications, policies, and security process descriptions.
- Ensure responses align with the organization's security posture, compliance frameworks, and contractual obligations.
- Create and present reports on compliance status, audit results, and risk management metrics to leadership.
- Develop and deliver compliance training programs to educate employees on regulatory requirements and best practices.
- Promote a culture of compliance and security awareness across the organization.
- Assess the compliance posture of vendors and third-party partners, ensuring contractual obligations align with security and privacy standards.
- Manage vendor risk assessments and ensure ongoing monitoring of third-party relationships.
- Draft, review, and update security and privacy policies in alignment with regulatory requirements.
- Stay updated on regulatory and industry standards changes, recommending adjustments to policies and procedures as needed.
Must Have
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.
- 4-6 years of experience in information security, compliance, or risk management roles.
Specialized Knowledge
- Knowledge of regulatory and industry frameworks such as ISO 27001, SOC 2, and NIST CSF.
- Familiarity with GRC (Governance, Risk, and Compliance) tools such as OneTrust or similar.
- Basic understanding of security technologies (e.g., firewalls, SIEM, encryption) and their role in compliance.
- Proficiency with documentation tools and audit management software.
- Relevant certifications, such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), are highly desirable.
Information Security Compliance Associate
Posted today
Job Description
HCLTech is hiring for Cyber Security Experts - Risk & Compliance Associate
Job Title
GET - Risk & Compliance Associate
Job Location
Noida/Chennai/Bangalore (Should be flexible to work from any of these locations)
Roles & Responsibility
- Understands Risk & Compliance domains and functions such as Information Security, IT Risk Management / Cyber Security, Enterprise Risk Management, Business Continuity Management, Privacy & Data Protection, Third Party Risk Management, Data Governance and Operations Risk to perform following activities as per applicability.
- Assist in conducting periodic risk assessments / compliance reviews and identify gaps / non-compliances.
- Drive risk remediation efforts and governance as per the defined risk management process.
- Provide the required support during the external/client information security audits under the guidance of experienced R&C professional.
- Contribute to the development of policies & procedures related to risk management and project execution.
- Establish ability to work in virtual team with help of tools and technologies.
- Demonstrates good inter-personal skills, high standards of professional behavior in dealings with business customers, colleagues, and staff.
- Engage in professional development opportunities to improve knowledge and skills relevant to the role.
- Support on the MIS related work on reporting of risks and metrics through excel/presentations.
Certification such as ISO 27001/ISO 31000/ISO 22301 will be expected to be achieved within first year of employment.
Qualification & Experience (if required)
- Graduate Engineer – B.Tech. Computer Science (Tech background), preferred with Cyber security/Information security graduate workstreams.
Skill Sets required
- Strong analytical and problem-solving skills, with a keen attention to detail
- Excellent interpersonal skills and effectively communicate with diverse groups of people
- Demonstrate ability to manage time effectively, prioritize tasks, and meet deadlines in a fast-paced environment.
- Professional demeanor, with a commitment to ethical conduct and maintaining confidentiality.
- Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint) and experience with MIS tools is preferred.
- A proactive attitude and willingness to take on new challenges.
Information Security Compliance Manager
Posted today
Job Description
Job Title: IT Compliance Manager
Location: Mumbai
Company Overview:
HDFC Securities is a leading stockbroking company and a subsidiary of HDFC Bank, one of the world’s largest financial services conglomerates. With a strong emphasis on technology and innovation, HDFC Securities offers a diverse range of investment and trading services to retail and institutional clients. Our commitment to technological advancement and regulatory compliance sets us apart as a trusted partner in the financial industry.
Job Overview: As an IT Compliance Manager at HDFC Securities, you will work closely with the senior management and team to ensure that HDFC Securities Ltd adheres to all relevant regulatory requirements and industry standards. You will play a pivotal role in safeguarding our IT operations against compliance breaches and mitigating risks effectively. The ideal candidate will have 5-8 years of experience in compliance roles within the banking or capital markets sector and possess strong leadership and communication skills.
Key Responsibilities:
1. Compliance Policy Development and Maintenance
- Assist in developing, implementing, and maintaining comprehensive IT compliance policies and procedures in alignment with Indian banking and capital markets regulations.
- Collaborate with the senior management and team to review and update compliance policies and procedures regularly to reflect changes in laws, regulations, and organizational processes.
2. Regulatory Compliance Monitoring
- Support in monitoring the IT environment to ensure ongoing compliance with external regulations such as SEBI & RBI regulations, SOX, and Data Privacy Laws, as well as internal policies.
- Stay updated on regulatory changes and assist in assessing the impact of these changes on IT operations and compliance posture.
3. Compliance Risk Assessment
- Contribute to regular risk assessments to identify potential compliance risks and vulnerabilities within IT systems and processes.
- Assist in developing and implementing risk mitigation strategies to address identified risks effectively.
4. Compliance Project Delivery
- Work closely with IT teams across the organization to ensure compliance projects are scoped, documented, and executed effectively, meeting all regulatory and business requirements.
5. Audit and Reporting
- Assist in coordinating and supporting internal as well as external compliance audits such as Statutory audit, SOX audit, HDFC Bank Audit, Cyber Security audit, SEBI & NSE/BSE audit, ensuring thorough examination of all IT systems and processes for compliance.
- Contribute to the preparation and submission of compliance reports to HDFC Bank, senior management, regulatory bodies, and other important stakeholders.
6. Training and Awareness
- Support in developing and delivering compliance training programs to educate employees on compliance policies, procedures, and their responsibilities.
- Stay informed about the latest regulatory changes and cybersecurity threats, contributing to adjustments in compliance strategies as needed.
7. Incident Management and Response
- Assist in establishing and managing a process for handling compliance incidents, including detection, investigation, reporting, and resolution.
- Support in ensuring timely reporting of compliance incidents to relevant authorities as required by law or regulation.
8. Vendor and Third-Party Compliance
- Participate in assessing and monitoring the compliance of third-party vendors and service providers with the organization's compliance requirements and standards.
- Assist in ensuring contractual agreements with vendors include necessary compliance clauses and obligations.
9. Stakeholder Engagement
- Collaborate with various stakeholders across HDFC group companies, sharing best practices and leveraging synergies in compliance efforts.
- Support in representing HDFC Securities in various group-level and external forums, contributing to industry-wide discussions on regulatory matters.
Qualifications, Experience & Expertise
- Bachelor’s or Master’s degree in Engineering, Technology, IT, Cybersecurity, or a related field.
- Minimum of 5 - 8 years of experience within the banking or capital markets sector, with a focus on IT and cybersecurity.
- Sound knowledge of the regulatory landscape governing Indian financial institutions, including SEBI and RBI guidelines.
- Strong project management skills, with the ability to collaborate effectively with cross-functional teams.
- Excellent interpersonal and communication skills, with the ability to engage effectively with internal and external stakeholders.
- Certifications such as Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP), or equivalent, are highly desirable.
- Demonstrated leadership abilities and strategic thinking in driving compliance initiatives.
- Familiarity with relevant regulations and compliance standards pertaining to management of IT systems in a regulated environment.
Benefits
- Competitive salary and benefits package.
- Opportunity for career growth and development.
- Exposure to a wide range of internal audit and IT governance functions
Director, Information Security & Compliance
Posted today
Job Description
Key Responsibilities :
Strategic Leadership
- Develop and implement the enterprise-wide information security strategy, policies, and frameworks.
- Provide thought leadership on emerging cyber risks, threats, and technologies.
- Establish an enterprise security architecture aligned with business objectives.
- Represent information security at executive leadership meetings and board-level discussions.
Governance, Risk & Compliance (GRC)
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
- Lead risk assessments, security audits, and penetration testing programs.
- Develop incident response, disaster recovery, and business continuity plans.
- Oversee vendor risk management and third-party security due diligence.
Leadership & People Management
- Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists.
- Define roles, responsibilities, and career development paths within the security function.
- Foster a culture of security awareness across the organization through training and communication.
- Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes.
DevSecOps & Application Security
- Integrated security into CI/CD pipelines with automated tools:
- SSO SAST (e.g., SonarQube)
- DAST (e.g., OWASP ZAP)
- Dependency scanning (e.g., Snyk)
- Conducting secure code reviews, threat modelling, and application pen tests.
- Leading developer security awareness programs and secure coding bootcamps.
Threat Intelligence & Vulnerability Management
- Set up continuous vulnerability management workflows using the relevant VM tools.
- Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns.
- Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking.
Data Protection & Privacy
- Implemented technical and organizational measures (TOMs) for India DPDP compliance.
- Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment.
- Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products.
- Initiation of RoPA activities to document all records with Pay10 environment.
Stakeholder & External Engagement
- Serve as the primary point of contact for regulators, auditors, and external security partners.
- Engage with business leaders to balance security requirements with operational needs.
- Build strong relationships with law enforcement, cybersecurity forums, and industry associations.
Incident Response & Business Continuity
- Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement.
- Lead investigations into data breaches or security incidents and coordinate responses.
- Support business continuity and disaster recovery (BC/DR) planning and exercises.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- 12+ years of experience in cybersecurity.
- Proven experience in Financial services, FinTech, or other regulated environments.
Skills & Competencies
- Good understanding of security and privacy frameworks: NIST CSF, ISO 27001, SOC 2, PCI-DSS, OWASP Top 10, etc.
- Knowledge of fintech regulatory landscape under RBI.
- Experience in AWS security controls.
- Experience with application security in cloud-native environments.
- Familiarity with common FinTech architectures: microservices, APIs, mobile apps, open banking (e.g., PSD2).
- Strong communication and stakeholder management skills.
- Ability to translate technical risk into business language for executives and stakeholders.