300 Security Compliance jobs in Bengaluru

About Sagility

Sagility is a tech-enabled BPM services provider, a thought partner providing a broad spectrum of transformational services, to enable our clients provide efficient and hi-quality care across the healthcare system. Sagility combines industry-leading technology and transformation-driven BPM services with decades of healthcare domain expertise to help clients draw closer to their members. We optimize the entire member/patient experience through service offerings for clinical, case management, member engagement, provider solutions, payment integrity, claims cost containment, and analytics.

Leading industry analyst firms have consistently cited our service excellence, breadth of offerings, and ability to execute. The most recent being recognized as a leader for Healthcare Payer Operations in 2022 & 2023 as a part The Healthcare Payer Operations PEAK Matrix® Assessment report by Everest Group. To learn more about our recognitions please visit our AWARDS SECTION

We have 40,000+ employees in 15 cities across 5 countries – India, Philippines, USA, Jamaica, and Colombia.

Role Overview

The InfoSec GRC Officer will be responsible for driving and maintaining the organization’s governance, risk, and compliance framework. This includes ensuring robust account hygiene practices, managing account-level GRC reporting, aligning with HiTrust certification requirements, overseeing governance processes, and mitigating third-party risks. The role demands a proactive and detail-oriented professional with strong analytical and communication skills.

Key Responsibilities

Account Hygiene & GRC Reporting

- Monitor and enforce account hygiene standards across infrastructure and application layers.

- Develop and maintain dashboards and reports for account-level GRC metrics.

- Collaborate with IT and security teams to ensure timely remediation of hygiene issues.

- Conduct periodic reviews and audits of account configurations and access controls.

Governance, Risk & Compliance (GRC)

- Implement and maintain GRC frameworks aligned with industry standards and regulatory requirements.

- Support internal and external audits, including evidence collection and gap remediation.

- Maintain risk registers and track mitigation plans across business units.

- Facilitate risk assessments and control testing activities.

HiTrust Compliance

- Lead initiatives to align with HiTrust CSF requirements.

- Coordinate with stakeholders to ensure documentation, controls, and evidence meet HiTrust standards.

- Support readiness assessments and certification processes.

Governance Processes

- Define and document governance policies, procedures, and workflows.

- Ensure consistent application of governance principles across projects and operations.

- Conduct training and awareness sessions on governance best practices.

Third Party Risk Management

- Evaluate and monitor third-party vendors for InfoSec compliance and risk exposure.

- Conduct due diligence, risk assessments, and periodic reviews of vendor security posture.

- Maintain third-party risk inventory and ensure contractual obligations are met.

Qualifications & Skills:

- Bachelor’s degree in information security, Risk Management, or related field.

- 5+ years of experience in GRC, cybersecurity, or IT compliance roles.

- Strong understanding of HiTrust CSF, ISO 27001, NIST, and other regulatory frameworks.

- Experience with GRC tools (e.G., Archer, ServiceNow GRC, MetricStream).

- Excellent analytical, documentation, and communication skills.

- Ability to work independently and collaboratively in a fast-paced environment.

Preferred Certifications

- Certified Information Systems Auditor (CISA)

- Certified in Risk and Information Systems Control (CRISC)

- HiTrust Certified Professional (HCP)

- ISO 27001 Lead Implementer or Auditor

Signzy is a digital trust system. We provide identification, background checks, forgery detection

and contract management systems which enable contracting in a trustable, safe, legal, and

convenient manner. Our biometric user authentication system and blockchain-based digital trail

ensure non-repudiation. This increases compliance and enforceability in the court of law. We

consist of a tech-savvy team and are backed by investors who are enthusiastic about creating

solutions with technology.

Working at Signzy

● At Signzy we breathe software and exploit the latest technologies to create the most

amazing products. We comprise a tech-savvy team and are backed by investors who are

enthusiastic about creating solutions using technology.

● Signzy is looking for an Compliance Analyst. If you think you have what it

takes to get the job done, this is an invitation to be a part of the future!

JD for role of Compliance Analyst - II

Responsibilities

• Development, implementation, and management of security policies, standards, guidelines, and procedures to ensure the ongoing improvement and maintenance of security posture in line with ISO 27001, SOC2 Type 2, PCI DSS etc.,
• Understand technical implementation details necessary to assess general and situational Information Security risk.
• Coordinate with multiple teams across the organization for the Audits
• Lead the Third Party Risk Management audits conducted by Banks and other Authorities
• Closely interact and work with Clients(Banks, Fintechs etc) in ensuring smooth audit process and TPRM
• Coordinate internal and external audits, ensuring timely collection of artifacts and responses.
• Manage the end-to-end vendor/partner onboarding risk process - due diligence, risk assessment, contract compliance, and continuous monitoring.
• Maintain and improve the enterprise GRC framework aligned to ISO 27001/27701, SOC 2, PCI-DSS
• Support risk assessments (operational, cyber, privacy) and maintain risk registers.
• Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
• Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53)
• Understanding of security best practices (Password security, device security etc) in the context of Security Training and Awareness
• Conduct internal control testing and compliance reviews across infrastructure, applications, and processes.
• Establishing appropriate levels of security controls, systems monitoring, and security audits.
• Assisting in the security engineering team with prioritizing patches and security fixes.
• Improve controls for internal systems, processes, and policies.
• Support the execution of multiple audit programs internally and externally.
• Provide clear expectations and direction to security and engineering teams on audit requirements.

Requirements

Must Have

• 3+ years of proven experience in information security, audit, compliance, risk assessment, and management.
• Hands-on experience in managing and driving security compliance mainly ISO 27001, PCI DSS, Data Localization and Bank Audits
• Ability to prioritise, manage, and deliver on multiple projects simultaneously and partner with management in support of key initiatives and projects.
• Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
• Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
• In-depth understanding of the regulatory requirements and trends in the FinTech domain.
• Ability to communicate to management, technical, and non-technical persons about the risk associated with the business.
• Defining and maintaining the policies as per ISMS framework
• Monitor third-party risk assessments and assist in performing internal risk assessments.

Good to Have

• Certifications such as ISO27001 Lead Auditor/Implementer
• CISA/CISM certification would be a plus
• Ability to use basic automation/scripting (Python, SQL) for evidence collection.
• Experience with SIEM/SOC outputs to validate alerts as audit evidence.
• Knowledge of data governance/DLP tools.
• Awareness of AI/ML governance and evolving regulatory frameworks.
• Skills in continuous compliance (CI/CD, IaC scanning).
• Well-versed with data security and data privacy.
• Strong team player, but can work and execute independently
• Brilliant written, verbal communication, and interpersonal skills

About Skyhigh Security:

Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency.

Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack. Our industry-leading suite of products radically simplifies data security through easy-to-use, cloud-based, Zero Trust solutions that are managed in a single dashboard, powered by hundreds of employees across the world. With offices in Santa Clara, Aylesbury, Paderborn, Bengaluru, Sydney, Tokyo and more, our employees are the heart and soul of our company.

Skyhigh Security Is more than a company;
here, when you invest your career with us, we commit to investing in you. We embrace a hybrid work model, creating the flexibility and freedom you need from your work environment to reach your potential. From our employee recognition program, to our ‘Blast Talks' learning series, and team celebrations (we love to have fun!), we strive to be an interactive and engaging place where you can be your authentic self.

The Role:

• You will serve as a critical member of the team who expertly blends technical security knowledge with strategic compliance management.
• You will be the primary driver of our corporate compliance program. This involves independently managing the full lifecycle of internal and external audits for key certifications like ISO 27001, SOC 2, FedRAMP, and PCI-DSS.
• You will handle audit preparation, coordinate with auditors, and meticulously gather all required evidence and documentation.
• You will take direct ownership of developing, maintaining, and communicating our Information Security Management System (ISMS) documentation and policies.
• You will ensure compliance is not an afterthought by actively reviewing operational controls and participating in IT change management. You will work directly with technical teams to integrate compliance requirements into their workflows and CI/CD pipelines.
• While compliance is the focus, you will leverage your security engineering knowledge to provide valuable insights. You will personally guide the secure design of systems and translate vulnerability findings into actionable, risk-based remediation plans that align with our compliance framework.

Qualifications:

• 5-10 years of combined experience IT Audit, IT Compliance, or a related Security Engineering role with a strong compliance focus. You are a seasoned professional with deep knowledge of industry-leading security principles and frameworks.
• Hands-on experience managing audits for multiple standards, particularly ISO 27001, SOC 2, or FedRAMP. You are an expert in independently gathering evidence and presenting a compelling case for certification.
• Ability to perform both analytical, compliance-focused work and technical, hands-on tasks when needed. Your exceptional analytical, documentation, and organizational skills allow you to manage complex projects with meticulous detail.
• Excellent communicator with a proven ability to convey complex technical and compliance issues to a wide range of audiences. You excel at collaborating with cross-functional teams to drive process maturity and operational efficiency, serving as a subject matter expert and trusted advisor.
• Familiar with cloud environments (e.G., AWS, Azure, GCP) and understand the role of DevOps tools (e.G., GitLab, Jenkins) in a modern security and compliance program. You are comfortable thriving in a fast-paced, evolving global environment.

Position : Security & Compliance Specialist

Reports to: Manager InfoSec, GRC

Department: Information Security (InfoSec)

Location: Bangalore

Work Mode : Hybrid

Key Responsibilities

This role oversee the development, evaluation and implementation of governance, risk and compliance.

This role provides operational and conformance checking of information security implemented. The role will undertake specific audits tasks directly and will work with identified stakeholders to ensure that audit lifecycle is in compliance.

Additionally, this role will undertake regular conformance checking tasks to ensure compliance is met to acceptable security levels in different audits.

This role will also undertake a number of critical asks and requests from security projects which manages to successful delivery of projects and the associated resources.

Further, this role will work with all departments across Technology, Business and Third Party vendors/partners and manages inter-dependencies / work-streams and across multiple projects to ensure that Projects are delivered on time:

• Provide consulting services for Technology & Business team for Audit Security process and implementation of controls.
• Define Security assessment scope, requirements, time lines and goals.
• Pro-actively reviews all gaps found on audits related to systems and types of access controls on various risks like Cyber Threats, Data Security and compliance and communicate for timely actions to mitigate them.
• Supports in managing all type of internal and external InfoSec audits (end to end), status of Security assessment, Report Observations and remediation with all the agreed timelines.
• Works with end customer SPOC to ensure all the desired requirements are delivered by liaising with all the business stakeholders.
• Delivers Security Assessments projects on time, and at the expected quality, have root- cause analysis with clear action plan and obtain sign-off with all relevant parties.

Preferred Skills

• Ensure the organization complies with local, federal and international regulatory and legal requirements
• Stay up to date on all major privacy and data protection laws, GDPR, CCPA, DPA, PIPEDA etc.
• Experience in handling various Security Assessments, regulatory requirements but not limited to PCI- DSS, ISO27001, ISO9001, GDPR, CCPA, SOC2 and privacy shield.
• Practical understanding of security standards, Processes and risk frameworks.
• Has good understanding of audit frameworks and various datasheet involved in preparing for the external audits.
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Broad, and commensurately high-level knowledge of Security technology, such as: PKI, firewalls, access management, encryption, IDS & IPS, Cyber threats, encryption, and identity management.
• Strong time management, communication and prioritization skills.
• Ability to work with Technical and Non- Technical business owners.
• Practical understanding of security processes and risk frameworks.
• Partners with External consultants/ internal stakeholders on Regulatory Changes to ensure regulatory changes are added within the system of record.
• Drive integration with Compliance teams aligned to Business Units for all the related audits (end to end).
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Conducting deep dives into specific areas of focus based on Risk and Regulatory priorities as and when needed.
• Proficiency in reviewing and assessing process flows to detect potential risks, deficient controls, duplicated effort, extravagance, and fraud, non-compliance with laws, regulations, and management policies.
• Partners with other Operations Managers to ensure timely and effective delivery for all audit requirements.
• Contribute to the Group ISMS content development, maintenance and maturity.
• Take the interface between custom authorities and colleagues/partners on customs Audits.
• Drive matrixed project planning and execution to deliver and sustain privacy compliance

Required Qualifications

• Bachelor/Master of Science degree. Computer Science, Engineering, Telecommunications or management degree(would be advantage)
• 6/6+ years’ experience in audits and compliance management
• Excellent planning, multi-tasking, organization and problem solving skills.
• Knowledge of certifications and framework like NIST, HIPAA, ISO 27K, PCI-DSS and SOC2.
• Excellent communication skills.
• Hold certifications like ISO9001, ISO 27001 and Green belt(added advantage)

Position : Security & Compliance Specialist

Reports to: Manager InfoSec, GRC

Department: Information Security (InfoSec)

Location: Bangalore

Work Mode : Hybrid

Key Responsibilities

This role oversee the development, evaluation and implementation of governance, risk and compliance.

This role provides operational and conformance checking of information security implemented. The role will undertake specific audits tasks directly and will work with identified stakeholders to ensure that audit lifecycle is in compliance.

Additionally, this role will undertake regular conformance checking tasks to ensure compliance is met to acceptable security levels in different audits.

This role will also undertake a number of critical asks and requests from security projects which manages to successful delivery of projects and the associated resources.

Further, this role will work with all departments across Technology, Business and Third Party vendors/partners and manages inter-dependencies / work-streams and across multiple projects to ensure that Projects are delivered on time:

• Provide consulting services for Technology & Business team for Audit Security process and implementation of controls.
• Define Security assessment scope, requirements, time lines and goals.
• Pro-actively reviews all gaps found on audits related to systems and types of access controls on various risks like Cyber Threats, Data Security and compliance and communicate for timely actions to mitigate them.
• Supports in managing all type of internal and external InfoSec audits (end to end), status of Security assessment, Report Observations and remediation with all the agreed timelines.
• Works with end customer SPOC to ensure all the desired requirements are delivered by liaising with all the business stakeholders.
• Delivers Security Assessments projects on time, and at the expected quality, have root- cause analysis with clear action plan and obtain sign-off with all relevant parties.

Preferred Skills

• Ensure the organization complies with local, federal and international regulatory and legal requirements
• Stay up to date on all major privacy and data protection laws, GDPR, CCPA, DPA, PIPEDA etc.
• Experience in handling various Security Assessments, regulatory requirements but not limited to PCI- DSS, ISO27001, ISO9001, GDPR, CCPA, SOC2 and privacy shield.
• Practical understanding of security standards, Processes and risk frameworks.
• Has good understanding of audit frameworks and various datasheet involved in preparing for the external audits.
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Broad, and commensurately high-level knowledge of Security technology, such as: PKI, firewalls, access management, encryption, IDS & IPS, Cyber threats, encryption, and identity management.
• Strong time management, communication and prioritization skills.
• Ability to work with Technical and Non- Technical business owners.
• Practical understanding of security processes and risk frameworks.
• Partners with External consultants/ internal stakeholders on Regulatory Changes to ensure regulatory changes are added within the system of record.
• Drive integration with Compliance teams aligned to Business Units for all the related audits (end to end).
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Conducting deep dives into specific areas of focus based on Risk and Regulatory priorities as and when needed.
• Proficiency in reviewing and assessing process flows to detect potential risks, deficient controls, duplicated effort, extravagance, and fraud, non-compliance with laws, regulations, and management policies.
• Partners with other Operations Managers to ensure timely and effective delivery for all audit requirements.
• Contribute to the Group ISMS content development, maintenance and maturity.
• Take the interface between custom authorities and colleagues/partners on customs Audits.
• Drive matrixed project planning and execution to deliver and sustain privacy compliance

Required Qualifications

• Bachelor/Master of Science degree. Computer Science, Engineering, Telecommunications or management degree(would be advantage)
• 6/6+ years’ experience in audits and compliance management
• Excellent planning, multi-tasking, organization and problem solving skills.
• Knowledge of certifications and framework like NIST, HIPAA, ISO 27K, PCI-DSS and SOC2.
• Excellent communication skills.
• Hold certifications like ISO9001, ISO 27001 and Green belt(added advantage)

Position : Security & Compliance Specialist

Reports to: Manager InfoSec, GRC

Department: Information Security (InfoSec)

Location: Bangalore

Work Mode : Hybrid

Key Responsibilities

This role oversee the development, evaluation and implementation of governance, risk and compliance.

This role provides operational and conformance checking of information security implemented. The role will undertake specific audits tasks directly and will work with identified stakeholders to ensure that audit lifecycle is in compliance.

Additionally, this role will undertake regular conformance checking tasks to ensure compliance is met to acceptable security levels in different audits.

This role will also undertake a number of critical asks and requests from security projects which manages to successful delivery of projects and the associated resources.

Further, this role will work with all departments across Technology, Business and Third Party vendors/partners and manages inter-dependencies / work-streams and across multiple projects to ensure that Projects are delivered on time:

• Provide consulting services for Technology & Business team for Audit Security process and implementation of controls.
• Define Security assessment scope, requirements, time lines and goals.
• Pro-actively reviews all gaps found on audits related to systems and types of access controls on various risks like Cyber Threats, Data Security and compliance and communicate for timely actions to mitigate them.
• Supports in managing all type of internal and external InfoSec audits (end to end), status of Security assessment, Report Observations and remediation with all the agreed timelines.
• Works with end customer SPOC to ensure all the desired requirements are delivered by liaising with all the business stakeholders.
• Delivers Security Assessments projects on time, and at the expected quality, have root- cause analysis with clear action plan and obtain sign-off with all relevant parties.

Preferred Skills

• Ensure the organization complies with local, federal and international regulatory and legal requirements
• Stay up to date on all major privacy and data protection laws, GDPR, CCPA, DPA, PIPEDA etc.
• Experience in handling various Security Assessments, regulatory requirements but not limited to PCI- DSS, ISO27001, ISO9001, GDPR, CCPA, SOC2 and privacy shield.
• Practical understanding of security standards, Processes and risk frameworks.
• Has good understanding of audit frameworks and various datasheet involved in preparing for the external audits.
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Broad, and commensurately high-level knowledge of Security technology, such as: PKI, firewalls, access management, encryption, IDS & IPS, Cyber threats, encryption, and identity management.
• Strong time management, communication and prioritization skills.
• Ability to work with Technical and Non- Technical business owners.
• Practical understanding of security processes and risk frameworks.
• Partners with External consultants/ internal stakeholders on Regulatory Changes to ensure regulatory changes are added within the system of record.
• Drive integration with Compliance teams aligned to Business Units for all the related audits (end to end).
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Conducting deep dives into specific areas of focus based on Risk and Regulatory priorities as and when needed.
• Proficiency in reviewing and assessing process flows to detect potential risks, deficient controls, duplicated effort, extravagance, and fraud, non-compliance with laws, regulations, and management policies.
• Partners with other Operations Managers to ensure timely and effective delivery for all audit requirements.
• Contribute to the Group ISMS content development, maintenance and maturity.
• Take the interface between custom authorities and colleagues/partners on customs Audits.
• Drive matrixed project planning and execution to deliver and sustain privacy compliance

Required Qualifications

• Bachelor/Master of Science degree. Computer Science, Engineering, Telecommunications or management degree(would be advantage)
• 6/6+ years’ experience in audits and compliance management
• Excellent planning, multi-tasking, organization and problem solving skills.
• Knowledge of certifications and framework like NIST, HIPAA, ISO 27K, PCI-DSS and SOC2.
• Excellent communication skills.
• Hold certifications like ISO9001, ISO 27001 and Green belt(added advantage)

Position : Security & Compliance Specialist

Reports to: Manager InfoSec, GRC

Department: Information Security (InfoSec)

Location: Bangalore

Work Mode : Hybrid

Key Responsibilities

This role oversee the development, evaluation and implementation of governance, risk and compliance.

This role provides operational and conformance checking of information security implemented. The role will undertake specific audits tasks directly and will work with identified stakeholders to ensure that audit lifecycle is in compliance.

Additionally, this role will undertake regular conformance checking tasks to ensure compliance is met to acceptable security levels in different audits.

This role will also undertake a number of critical asks and requests from security projects which manages to successful delivery of projects and the associated resources.

Further, this role will work with all departments across Technology, Business and Third Party vendors/partners and manages inter-dependencies / work-streams and across multiple projects to ensure that Projects are delivered on time:

• Provide consulting services for Technology & Business team for Audit Security process and implementation of controls.
• Define Security assessment scope, requirements, time lines and goals.
• Pro-actively reviews all gaps found on audits related to systems and types of access controls on various risks like Cyber Threats, Data Security and compliance and communicate for timely actions to mitigate them.
• Supports in managing all type of internal and external InfoSec audits (end to end), status of Security assessment, Report Observations and remediation with all the agreed timelines.
• Works with end customer SPOC to ensure all the desired requirements are delivered by liaising with all the business stakeholders.
• Delivers Security Assessments projects on time, and at the expected quality, have root- cause analysis with clear action plan and obtain sign-off with all relevant parties.

Preferred Skills

• Ensure the organization complies with local, federal and international regulatory and legal requirements
• Stay up to date on all major privacy and data protection laws, GDPR, CCPA, DPA, PIPEDA etc.
• Experience in handling various Security Assessments, regulatory requirements but not limited to PCI- DSS, ISO27001, ISO9001, GDPR, CCPA, SOC2 and privacy shield.
• Practical understanding of security standards, Processes and risk frameworks.
• Has good understanding of audit frameworks and various datasheet involved in preparing for the external audits.
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Broad, and commensurately high-level knowledge of Security technology, such as: PKI, firewalls, access management, encryption, IDS & IPS, Cyber threats, encryption, and identity management.
• Strong time management, communication and prioritization skills.
• Ability to work with Technical and Non- Technical business owners.
• Practical understanding of security processes and risk frameworks.
• Partners with External consultants/ internal stakeholders on Regulatory Changes to ensure regulatory changes are added within the system of record.
• Drive integration with Compliance teams aligned to Business Units for all the related audits (end to end).
• Knowledge of current industry best practices and standards, local/international security and compliance guidance.
• Conducting deep dives into specific areas of focus based on Risk and Regulatory priorities as and when needed.
• Proficiency in reviewing and assessing process flows to detect potential risks, deficient controls, duplicated effort, extravagance, and fraud, non-compliance with laws, regulations, and management policies.
• Partners with other Operations Managers to ensure timely and effective delivery for all audit requirements.
• Contribute to the Group ISMS content development, maintenance and maturity.
• Take the interface between custom authorities and colleagues/partners on customs Audits.
• Drive matrixed project planning and execution to deliver and sustain privacy compliance

Required Qualifications

• Bachelor/Master of Science degree. Computer Science, Engineering, Telecommunications or management degree(would be advantage)
• 6/6+ years’ experience in audits and compliance management
• Excellent planning, multi-tasking, organization and problem solving skills.
• Knowledge of certifications and framework like NIST, HIPAA, ISO 27K, PCI-DSS and SOC2.
• Excellent communication skills.
• Hold certifications like ISO9001, ISO 27001 and Green belt(added advantage)