Information Security and Compliance Specialist (BFSI)

About the role:

We are seeking a hands-on Security & Compliance Lead to own and execute end-to-end security audits and compliance initiatives across applications, infrastructure, and organizational processes. This role ensures systems, applications, and business operations are secure, compliant, and aligned with both internal policies and regulatory requirements (e.g., RBI, ISO 27001, SOC 2 Type II).

Responsibilities:

• Conduct technical assessments (e.g., VRA, security checklists) required by new BFSI clients.
• Analyse and complete detailed cloud infrastructure security and compliance questionnaires.
• Assist in mapping customer security and regulatory requirements (e.g., ISO 27001, RBI, SOC 2 type II) to internal controls.
• Maintain documentation and templates for commonly requested BFSI assessment artifacts.
• Manage and complete security questionnaires from clients, vendors, and partners.
• Evaluate vendor security and compliance by reviewing their responses and
• supporting documentation.
• Identify security risks within the company’s IT infrastructure, applications and services.
• Ensure compliance with security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks.
• Work with internal teams to maintain compliance with legal and regulatory requirements.
• Collaborate with the IT security, legal, and procurement teams to address concerns identified in the security assessments.
• Develop and maintain internal security policies and procedures related to vendor assessments and third-party risk management.
• Prepare detailed reports summarizing findings from security assessments and risk analysis.
• Provide recommendations to improve security measures and compliance.
• Educate internal staff and external partners about security best practices and compliance requirements
• Support pre-sales and onboarding teams with timely delivery of assessment documentation.
• Stay updated with AWS best practices, shared responsibility model, and emerging cloud security trends.

Good to Have:

• Bachelor’s degree in computer science, Information Security, Data Science, or a related field
• 5+ years of experience working with Audit/compliance, application security assessments, AWS cloud security preferably BFSI domain
• 2+ yrs. of experience on AWS cloud security and risk assessments.
• Strong exposure to AWS cloud infrastructure (Guard Duty, security hub, inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc.).
• Familiarity with secure coding practices, vulnerability management, and threat modelling.
• Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients.
• Familiarity with information security standards such as ISO 27001, SOC 2, RBI cybersecurity framework.
• Strong understanding of data protection, encryptions methodologies
• Ability to interpret and explain security configurations and policies in layman's terms.
• Experience with security controls, vulnerability scanning tools (e.g., Nessus, wire shark), or SIEM.
• Exposure with security tools such as network firewall, IPS/IDS is plus