Associate Compliance Manager

About the Team

• Lead and own the end-to-end security compliance and certification charter.
• Define, roll out, and enforce Information Security policies and procedures.
• Define and ensure adherence to data privacy and data protection laws (e.g., DPDP).
• Collaborate with third-party vendors to maintain robust third-party security practices.
• Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy.
• Conduct periodic information security awareness training programs for employees.
• Oversee information security risk management and privacy impact assessments.
• Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience
• Draft and enforce Data Protection Agreements and Information Security Agreements.
• Manage and coordinate internal and external audit-related activities.
• Collect and present audit evidence to ensure successful compliance assessments.
• Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks.
• Audit data, systems, and processes for policy and regulatory compliance.
• Provide actionable insights and reporting on the effectiveness of compliance programs.
• Conduct vendor audits and produce comprehensive reports.
• Plan and execute ad-hoc audits as necessary.

What you will need

• Educational Qualification

  : Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field.

• Experience

  :

  4-7 years in information security, compliance, or audit roles.

• Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001).
• Strong problem-solving skills and hands-on experience implementing compliance standards.
• Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK.
• Working knowledge of cloud platforms (AWS, GCP) is highly advantageous.
• Excellent project planning, stakeholder management, and communication skills.
• Ability to adapt to evolving regulatory landscapes and implement best practices.
• Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus.