165 Security Compliance jobs in Hyderabad

Job Description

We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards. The Security Compliance Analyst will be pivotal in maintaining certifications and ensuring Phenom remains compliant with frameworks such as ISO 27001 or SOC 2.

What You’ll Do

• Develop, implement, and maintain security policies, procedures, and controls to comply with regulatory and industry standards (e.G., SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC2, and others).
• Manage compliance initiatives, ensuring timely updates and certifications for applicable frameworks.
• Coordinate internal and external audits, including collecting evidence, managing documentation, and responding to auditor inquiries.
• Perform internal compliance assessments to identify gaps and recommend remediation strategies.
• Conduct regular risk assessments to identify processes, systems, and technology vulnerabilities.
• Collaborate with stakeholders to develop and implement mitigation strategies.
• Monitor compliance with security policies and standards, ensuring adherence across departments.
• Work closely with the sales, legal, and technical teams to respond to customer security questionnaires, RFPs, and due diligence requests.
• To streamline responses, maintain a library of frequently requested documentation, such as certifications, policies, and security process descriptions.
• Ensure responses align with the organization's security posture, compliance frameworks, and contractual obligations.
• Create and present reports on compliance status, audit results, and risk management metrics to leadership.
• Develop and deliver compliance training programs to educate employees on regulatory requirements and best practices.
• Promote a culture of compliance and security awareness across the organization.
• Assess the compliance posture of vendors and third-party partners, ensuring contractual obligations align with security and privacy standards.
• Manage vendor risk assessments and ensure ongoing monitoring of third-party relationships.
• Draft, review, and update security and privacy policies in alignment with regulatory requirements.
• Stay updated on regulatory and industry standards changes, recommending adjustments to policies and procedures as needed.

Must Have

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.
• 4-6 years of experience in information security, compliance, or risk management roles.

Specialized Knowledge

• Knowledge of regulatory and industry frameworks such as ISO 27001, SOC 2, and NIST CSF.
• Familiarity with GRC (Governance, Risk, and Compliance) tools such as OneTrust or similar.
• Basic understanding of security technologies (e.G., firewalls, SIEM, encryption) and their role in compliance.
• Proficiency with documentation tools and audit management software.
• Relevant certifications, such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), are highly desirable.

Designation/ Role: Compliance – Senior Manager

Experience: 12 to 15 years of experience in Compliance, Information Security and BCM Domains

Department: Compliance & Information Security

Work Timing: 9 hours/day;
5 days a week flexible shift timing between 10 am to 12 am IST. Should be ready to work as per US/UK shift timings as and when needed.

Qualifications: Graduate / B.E.

Professional Certifications: ISO27001 Lead Auditor/PCI DSS/CEH-EC council/CISA.

Key Skills: ISO 27001:2022 (ISMS), HIPAA, SOC 2 Type II, HITRUST, PCI DSS, VAPT and Cyber Security Assessments, Vulnerability Management, Third-party Risk management, Creating New Policies/SOPs, Filling the client questionnaire, Dark Web Monitoring, and Attack Surface Monitoring.

Experience

• Mandatory
• Expertise working with ISO 27001:2022, PCI DSS Certifications and HIPAA Assessments.
• Internal and External audit experience of ISO standards ISO 27001.
• Sound knowledge and audit experience of HIPAA compliance and HITRUST requirements.
• Good hands-on experience in VAPT, Vulnerability management, Dark Web Monitoring, Attack Surface Monitoring, and cyber security management.
• Should have hands-on experience in responding to Client’s RFP questionnaires/documents and performing Third-party Risk Management.
• Should have hands-on experience working on SOC 2 Type II/ HITRUST/PCI DSS certification requirements.
• Good knowledge of basic ITGC controls/Information Security.
• Good written and verbal communication skills.
• Experience in coordinating with vendors, external auditors and internal stakeholders for different compliance and information security tasks.
• Experience in handling cybersecurity audits/assessments.
• 12+years of relevant experience in the same field.

• Desired

1. Certified Lead Auditor for ISMS and Certified PCI DSS implementor.

Job Summary:

Compliance and Information Security Senior Manager will be a part of the core compliance team and will help drive, manage, implement, and evaluate the certification and compliance standards Infinx is certified for i.E., ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, Cyber Security Assessments, Dark Web Monitoring, Attack Surface Monitoring, VAPT Assessment, Third-Party Vendor Management, and Filling up of client security questionnaires/RFP documents.

Duties and responsibilities:

• Communicate with internal and external stakeholders for all compliance related activities.
• Participate in Compliance audit programs both internal and external for ISO, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, Cyber Security assessments, etc., as and when needed.
• Develop and review company policies and procedures, handle training programs and monitor compliance related matters.
• Educate stakeholders to implement corrective actions.
• Ensure corrective actions have been implemented for all identified compliance deficiencies.
• Promote awareness related to privacy, and security and enforce compliance across the enterprise.
• Support Implement and manage compliance programs effectively.
• Report MR/CISO/Management about the status of compliance and information security in the organization through detailed reports.
• Create, manage, and track effective action plans in response to audit observations and compliance violations.
• Manage and perform internal audits to identify possible weaknesses or risks to the company’s information security management system.
• Perform additional audits as and when required.
• Assess the organization’s processes to determine the compliance risk and formulate necessary risk mitigation plans.
• Ensure all employees are aware of their compliance responsibilities.
• Working with the vendors and external auditors on all audits and assessments related tasks and ensuring to close the loop with them.
• Work with the vendors in performing the third-party audits based on the frequency.
• Handling Dark Web Monitoring / Attack Surface Monitoring tools and ensuring to mitigate the risks for the organization.
• Work with internal stakeholders in filling up the client questionnaires and RFP documents for submitting them timely.
• Ensure to send awareness mailers to users.
• Experience in handling Phishing Simulation campaigns across the organization.

Job Description

We're seeking a full-time, phenomenal Compliance Analyst to ensure Phenom's adherence to regulatory and industry information security and privacy standards. This role involves conducting audits, managing compliance initiatives, assessing risk, and collaborating with teams across the organization to enforce compliance policies and standards. The Security Compliance Analyst will be pivotal in maintaining certifications and ensuring Phenom remains compliant with frameworks such as ISO 27001 or SOC 2.

What You’ll Do

• Develop, implement, and maintain security policies, procedures, and controls to comply with regulatory and industry standards (e.G., SOC 2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC2, and others).
• Manage compliance initiatives, ensuring timely updates and certifications for applicable frameworks.
• Coordinate internal and external audits, including collecting evidence, managing documentation, and responding to auditor inquiries.
• Perform internal compliance assessments to identify gaps and recommend remediation strategies.
• Conduct regular risk assessments to identify processes, systems, and technology vulnerabilities.
• Collaborate with stakeholders to develop and implement mitigation strategies.
• Monitor compliance with security policies and standards, ensuring adherence across departments.
• Work closely with the sales, legal, and technical teams to respond to customer security questionnaires, RFPs, and due diligence requests.
• To streamline responses, maintain a library of frequently requested documentation, such as certifications, policies, and security process descriptions.
• Ensure responses align with the organization's security posture, compliance frameworks, and contractual obligations.
• Create and present reports on compliance status, audit results, and risk management metrics to leadership.
• Develop and deliver compliance training programs to educate employees on regulatory requirements and best practices.
• Promote a culture of compliance and security awareness across the organization.
• Assess the compliance posture of vendors and third-party partners, ensuring contractual obligations align with security and privacy standards.
• Manage vendor risk assessments and ensure ongoing monitoring of third-party relationships.
• Draft, review, and update security and privacy policies in alignment with regulatory requirements.
• Stay updated on regulatory and industry standards changes, recommending adjustments to policies and procedures as needed.

Must Have

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.
• 4-6 years of experience in information security, compliance, or risk management roles.

Specialized Knowledge

• Knowledge of regulatory and industry frameworks such as ISO 27001, SOC 2, and NIST CSF.
• Familiarity with GRC (Governance, Risk, and Compliance) tools such as OneTrust or similar.
• Basic understanding of security technologies (e.G., firewalls, SIEM, encryption) and their role in compliance.
• Proficiency with documentation tools and audit management software.
• Relevant certifications, such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), are highly desirable.

About Us:

Marriott International Inc., headquartered in Bethesda, Maryland, USA, was founded in May 1927 by J. Willard Marriott and Alice S. Marriott with a modest nine-seat A&W root beer stand. Guided by the family's leadership and core principles, Marriott International today has grown into a global hospitality giant, operating approximately 9,000 properties and over 30 leading brands in more than 140 countries and territories.

From such humble beginnings to becoming the world’s largest hotel company, Marriott International has never stopped searching for inventive ways to serve its customers, provide opportunities for its associates, and grow their business. At Marriott Tech Accelerator center (MTA), Hyderabad, India, Marriott is exploring the world we live in and all its possibilities. At Marriott Tech Accelerator, we are a team of passionate engineering minds dedicated to creating and building cutting-edge solutions that streamline operations and elevate guest experiences.

Marriott Tech Accelerator center is fully owned and operated by ANSR. All associates at Marriott Tech Accelerator will be ANSR employees, delivering services exclusively to ANSR's client, Marriott International.

To know more about us, please visit Marriott Tech Accelerator careers page

Role Title: Senior Engineer II – Security & Compliance

Position Summary:

The Senior Security & Compliance Engineer represents a challenging opportunity to lead, design, and implement solutions critical to securing cloud infrastructure core to Marriott’s mission. Apply to this position if you have a software development background, have expertise in areas of Cloud Security, DevOps, and infrastructure automation with a focus on integrating security best practices. The core responsibilities are to contribute to a team working to improve technical security best practices through identifying and developing security standards through automated technical security patterns and pipelines, developing automations to strengthen configurations within our public and private clouds, and developing processes to automate manual processes.

The Cloud Infrastructure Security & Compliance team is where the rubber meets the road as to translating information security policy into enterprise standards, practices, and automations. You will use Cloud and DevOps SME skills to participate as a leading contributor to designing, implementing, arbitrating, and influencing security best practices across a complex organization.

Job Responsibilities:

• Improve cloud security posture through script and pipeline development using technologies like python, boto3, Ansible, Harness, and Jenkins
• Participate, lead, and adjudicate best practices secure application and infrastructure architecture
• Research and publish standards for use of security technologies such as secrets management, key management, or rehydration patterns
• Utilize understanding of progressive infrastructure practices such as containers, Kubernetes, and DevOps to implement security automation within these systems and associated processes
• Develop techniques, strategies, and script automation to discover and implement hardening to Public cloud resources and services (AWS, Azure, GCP, Alibaba Cloud)
• Support cloud and virtual machine image hardening and delivery
• Support custom tool development using software development languages such as Python or NodeJS
• Provide and presents status, analysis and reporting to internal stakeholders, Executive Management and Senior Leadership
• Train and/or mentors other team members, and peers as appropriate
• Identify opportunities to enhance the service delivery, operations, and continual service improvement processes
• Perform other compliance-related functions as required

About Client:

Our client is a global digital solutions and technology consulting company headquartered in Mumbai, India. The company generates annual revenue of over $4.29 billion (₹35,517 crore), reflecting a 4.4% year-over-year growth in USD terms. It has a workforce of around 86,000 professionals operating in more than 40 countries and serves a global client base of over 700 organizations.

Client: LTIMINDTREE

Job Type: C2H

Role: Senior Infrastructure Security & Compliance Engineer

Experience: 8-12y

Work Location:Bangalore

Payroll on : People Prime World Wide

Notice :0-15days

Job Description:

Senior Infrastructure Security & Compliance Engineer (Zero-Touch GPU Cloud – GitOps-Driven Compliance & Resilience)

We are seeking a Senior Infrastructure Security & Compliance Engineer with 10+ years of experience in infrastructure and platform automation to drive the Zero-Touch Build, Upgrade, and Certification pipeline for our on-prem GPU cloud environment. This role is focused on integrating security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack, spanning hardware → OS → Kubernetes → platform layers.

Key Responsibilities

• Design and implement GitOps-native workflows to automate security, compliance, and backup validation as part of the GPU cloud lifecycle.
• Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.
• Automate kube-bench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).
• Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.
• Deploy and manage Velero to automate backup and disaster recovery operations for Kubernetes workloads.
• Ensure that all compliance, scanning, and backup logic is declarative and auditable through Git-backed repositories.
• Collaborate with infrastructure, platform, and security teams to define security baselines, enforce drift detection, and integrate automated guardrails.
• Drive remediation automation and post-validation gates across build, upgrade, and certification pipelines.
• Monitor evolving security threats and ensure tooling is regularly updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

• 10+ years of hands-on experience in infrastructure, platform automation, and systems security.
• Primary key skills required are Python/Go/Bash scripting, OPA Rego policy writing, CI integration for Trivy & kube-bench, GitOps
• Strong knowledge and practical experience with:
• Trivy for container, filesystem, and configuration scanning
• kube-bench for Kubernetes CIS benchmark compliance
• Velero for Kubernetes-native backup and disaster recovery
• OPA/Gatekeeper for policy-as-code and admission control
• Deep understanding of GitOps workflows (e.G., Argo CD, Flux) and how to integrate security tools declaratively.
• Proven experience automating security, compliance, and backup validation in CI/CD pipelines.
• Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.
• Familiarity with vulnerability management lifecycles and security risk remediation strategies.
• Experience with Linux systems administration, OS hardening, and secure bootstrapping.
• Proficiency in scripting languages such as Python, Go, or Bash for automation and tooling integration.
• Bonus:
• Experience with SBOMs, image signing, or container supply chain security
• Exposure to regulated environments (e.G., PCI-DSS, HIPAA, FedRAMP)
• Contributions to open-source security/compliance projects

• Seniority Level
• Mid-Senior level
• Industry
• IT Services and IT Consulting
• Software Development
• Employment Type
• Contract
• Job Functions
• Information Technology
• Skills
• Infrastructure Security
• Compliance Engineering

About McDonald’s:

One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.

Position Summary:

Privacy, Security, & Risk Specialist: (Supervisor, Data Governance_G3_EDAA0104)

As a Data Risk & Compliance Analyst within the Enterprise Data Governance (EDG) team, you will play a key role in supporting data risk management, privacy, and compliance efforts across the organization. You will operationalize and enhance processes that support secure data practices, regulatory alignment, and the protection of sensitive data assets. Working cross-functionally with business, legal, privacy, and cybersecurity teams, you will help ensure that data governance capabilities are implemented with integrity and transparency.

This role combines technical acumen, risk assessment, and compliance management to support data discovery, access controls, data classification, and privacy risk assessments.

Who we’re looking for:

Primary Responsibilities:

• Risk & Privacy Controls Execution : Maintain and support risk and privacy controls across key processes such as data retention, access monitoring, and records destruction.
• Data Discovery & Classification Enablement : Help drive the implementation of data discovery, tagging, and classification activities by identifying structured data with privacy and regulatory implications.
• Governance Platform Integration : Collaborate in testing and integrating data governance capabilities with risk and compliance systems (e.G., GRC tools, OneTrust, ServiceNow IRM).

Key Responsibilities:

• Partner with the privacy, legal, and security teams to operationalize privacy-by-design, records management, and access governance.
• Support the creation, enhancement, and enforcement of data handling policies, including ROPA, data classification, and regulatory reporting.
• Maintain and analyze Records of Processing Activities (ROPA) and ensure accuracy and traceability of critical data elements.
• Assist with privacy and compliance risk assessments, tracking mitigation plans, and supporting enterprise audit requests.
• Align with Identity and Access Management teams to manage privileged access appropriately, supporting the governance of access control and provisioning.
• Assist in developing data quality metrics, health indices, and access provisioning dashboards.
• Provide expert guidance to EDG councils and data stewards regarding privacy, data protection, and compliance requirements.
• Support the organization in addressing questions about security classification, data-sharing agreements, and retention schedules.

Skill:

• Bachelor’s degree in information technology, Computer Science, or a related field.
• 5+ years of experience in data governance, privacy, information risk, and compliance.
• Familiarity with NIST CSF, NIST Privacy Framework, and ISO 27001.
• Hands-on experience with GRC and privacy tools like OneTrust, RSA Archer, Collibra, or ServiceNow IRM.
• Strong understanding of data discovery and classification technologies;
  ability to define policies and regex rules.
• Knowledge of information governance, access control, and secure records lifecycle management.
• Excellent analytical and communication skills with the ability to work across technical and business teams.
• Cybersecurity certifications preferred (e.G., CISSP, CISA).

Work location: Hyderabad, India

Work pattern: Full time role.

Work mode: Hybrid.

About Client:

Our client is a global digital solutions and technology consulting company headquartered in Mumbai, India. The company generates annual revenue of over $4.29 billion (₹35,517 crore), reflecting a 4.4% year-over-year growth in USD terms. It has a workforce of around 86,000 professionals operating in more than 40 countries and serves a global client base of over 700 organizations.

Client: LTIMINDTREE

Job Type: C2H

Role: Senior Infrastructure Security & Compliance Engineer

Experience: 8-12y

Work Location:Bangalore

Payroll on : People Prime World Wide

Notice :0-15days

Job Description:

Senior Infrastructure Security & Compliance Engineer (Zero-Touch GPU Cloud – GitOps-Driven Compliance & Resilience)

We are seeking a Senior Infrastructure Security & Compliance Engineer with 10+ years of experience in infrastructure and platform automation to drive the Zero-Touch Build, Upgrade, and Certification pipeline for our on-prem GPU cloud environment. This role is focused on integrating security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack, spanning hardware → OS → Kubernetes → platform layers.

Key Responsibilities

• Design and implement GitOps-native workflows to automate security, compliance, and backup validation as part of the GPU cloud lifecycle.
• Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.
• Automate kube-bench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).
• Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.
• Deploy and manage Velero to automate backup and disaster recovery operations for Kubernetes workloads.
• Ensure that all compliance, scanning, and backup logic is declarative and auditable through Git-backed repositories.
• Collaborate with infrastructure, platform, and security teams to define security baselines, enforce drift detection, and integrate automated guardrails.
• Drive remediation automation and post-validation gates across build, upgrade, and certification pipelines.
• Monitor evolving security threats and ensure tooling is regularly updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

• 10+ years of hands-on experience in infrastructure, platform automation, and systems security.
• Primary key skills required are Python/Go/Bash scripting, OPA Rego policy writing, CI integration for Trivy & kube-bench, GitOps
• Strong knowledge and practical experience with:
• Trivy for container, filesystem, and configuration scanning
• kube-bench for Kubernetes CIS benchmark compliance
• Velero for Kubernetes-native backup and disaster recovery
• OPA/Gatekeeper for policy-as-code and admission control
• Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and how to integrate security tools declaratively.
• Proven experience automating security, compliance, and backup validation in CI/CD pipelines.
• Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.
• Familiarity with vulnerability management lifecycles and security risk remediation strategies.
• Experience with Linux systems administration, OS hardening, and secure bootstrapping.
• Proficiency in scripting languages such as Python, Go, or Bash for automation and tooling integration.
• Bonus:
• Experience with SBOMs, image signing, or container supply chain security
• Exposure to regulated environments (e.g., PCI-DSS, HIPAA, FedRAMP)
• Contributions to open-source security/compliance projects

• Seniority Level
• Mid-Senior level
• Industry
• IT Services and IT Consulting
• Software Development
• Employment Type
• Contract
• Job Functions
• Information Technology
• Skills
• Infrastructure Security
• Compliance Engineering