Information Security & Compliance Analyst at INDmoney | Apply at INDmoney | Jobs near Gurugram

About the role

Information Security & Compliance Analyst - CISO Office

INDmoney is a regulated fintech company (ISO 27001:2022, PCI-DSS v4.0.1) operating in a multi-framework, high-audit environment. We are seeking an execution-focused Information Security & Compliance Analyst to support the CISO Office. This role requires strong structure, coordination, and the ability to handle multiple audits, offering high accountability and deep exposure to India’s fintech regulatory landscape.

Key Responsibilities:

Audit Coordination & Execution

End-to-end audit coordination (internal/external across all frameworks).
Drive evidence collection with cross-functional teams; ensure timely submissions.
Maintain a master audit calendar (timelines, dependencies, parallel audits).
Track findings, ensure closure, and escalate blockers.
Manage audit logistics, kick-offs, and status reporting.

Compliance Monitoring & Control Tracking

Maintain live compliance trackers; monitor control effectiveness.
Conduct internal reviews/gap assessments for audit readiness.
Track remediation and report status to CISOs.
Support audit readiness and evidence planning.

Evidence & Artefact Management

Own a structured, audit-ready evidence repository.
Standardize templates for recurring audits.
Ensure artefact completeness, accuracy, and version control.
Periodically review the repository for freshness.

Policy & Documentation Management

Maintain/update policies, SOPs, and standards.
Ensure alignment with actual practices and audit requirements.
Manage versioning, approvals, and distribution.

Third-Party & Partner Audit Support

Coordinate TPSA/TPRS and partner audits.
Manage security questionnaires and due diligence.
Act as SPOC for auditors and internal teams.

Risk & Finding Management

Maintain a central risk & findings register (audits, VAPT, reviews).
Track remediation, flag high-risk/aged items, and escalate.
Support risk assessment and prioritization.

VAPT & Technical Audit Support

Coordinate VAPT for cloud, APIs, and mobile apps.
Track findings, drive closure, and validate remediation.
Maintain VAPT history and reporting.

Qualifications:

Bachelor’s in Computer Science / IT / Information Security or related field.
2–5 years’ experience in InfoSec, IT audit, GRC, or compliance, preferably in regulated fintech/financial services.
Hands-on exposure to at least 2–3 frameworks: ISO 27001, PCI-DSS, RBI IS, SEBI, IRDAI.
Experience in external audit coordination and evidence management.
Proficiency with Excel/Sheets, Confluence, Jira, or GRC/project tools.

Preferred Qualifications:

Working knowledge of AWS security (IAM, VPC, logging, security groups).
Understanding of application security, VAPT lifecycle, vulnerability management.
Exposure to third-party/vendor risk assessments.
Certifications (ISO 27001 LA/LI, CISA or equivalent) are a plus.
Experience in multi-regulatory compliance environments strongly preferred.

Key Skills & Competencies:

Audit & Compliance Acumen: Ability to interpret regulations, map to controls, and collect relevant evidence.
Structured Tracking: Able to manage & prioritise concurrent audit activities without dropping threads.
Attention to Detail: Precise in documentation, evidence labelling, & artefact quality.
Stakeholder Communication: Confidently engages with internal teams and external auditors.
Process Discipline: Adheres to structured timelines, escalation paths, and documentation standards.
Problem Solving: Identifies gaps, anticipates audit risks, and drives practical remediation.

Role Positioning & Expectations:

This is an execution-heavy role with high operational ownership across audits.
It offers high visibility with direct CISO exposure.
Expect a strong learning curve across India’s fintech regulatory landscape.
You will be accountable for timelines, quality, and compliance outcomes.

Key skills/competency:

Information Security
Compliance
Audit Coordination
GRC
ISO 27001
PCI-DSS
Risk Management
VAPT
Fintech
AWS Security

How to get hired

Tailor your resume: Highlight your experience in fintech compliance, ISO 27001, and PCI-DSS. Quantify achievements in audit coordination and evidence management.
Showcase GRC skills: Emphasize your proficiency with tools like Jira, Confluence, or GRC platforms and your structured approach to tracking.
Prepare for technical questions: Be ready to discuss AWS security, VAPT lifecycle, and common fintech regulatory frameworks.
Demonstrate communication: Practice explaining complex compliance issues clearly and concisely for both technical and non-technical stakeholders.
Understand INDmoney: Research their regulated fintech status and commitment to security standards like ISO 27001 and PCI-DSS.

Frequently asked questions

What frameworks is INDmoney compliant with, and how does this role support them?

INDmoney is compliant with ISO 27001:2022 and PCI-DSS v4.0.1. As an Information Security & Compliance Analyst, you will be instrumental in coordinating and executing audits for these and other relevant frameworks (like RBI IS, SEBI, IRDAI), tracking compliance, managing evidence, and ensuring remediation efforts are effective.

What is the day-to-day involvement of an Information Security & Compliance Analyst at INDmoney?

Your typical day will involve coordinating with various teams to gather evidence for ongoing audits, updating compliance trackers, managing the evidence repository, addressing security questionnaires from partners, and tracking the closure of audit findings. You'll work closely with the CISO Office.

What kind of experience is most valuable for this Information Security & Compliance Analyst role at INDmoney?

The most valuable experience includes 2-5 years in InfoSec, IT audit, GRC, or compliance, particularly within regulated fintech or financial services. Hands-on experience with ISO 27001, PCI-DSS, and managing external audits with strong evidence collection skills are crucial.

How does INDmoney support professional development for its Information Security & Compliance Analysts?

This role offers deep exposure to India's fintech regulatory landscape and direct CISO interaction. While specific programs aren't detailed, the high accountability and cross-functional collaboration inherent in the position provide significant learning opportunities. Certifications like ISO 27001 LA/LI or CISA are considered a plus, suggesting a supportive environment for professional growth.

What technical skills are important for the Information Security & Compliance Analyst position?

Essential technical skills include proficiency with Excel/Sheets, Confluence, and Jira. Preferred skills include working knowledge of AWS security (IAM, VPC, logging), understanding of application security, and the VAPT lifecycle. Experience with GRC or project management tools is also beneficial.

What does 'execution-heavy' mean for this role at INDmoney?

'Execution-heavy' implies that this role is very hands-on and focused on driving tasks to completion. You'll be responsible for the practical implementation and management of audit coordination, evidence collection, compliance tracking, and remediation efforts, rather than purely strategic planning.

How important is experience with multiple frameworks for this role?

Experience with multiple frameworks (ISO 27001, PCI-DSS, RBI IS, SEBI, IRDAI) is strongly preferred. INDmoney operates in a multi-framework environment, so your ability to understand, track, and manage compliance across various regulations will be key to your success in this role.

Information Security & Compliance Analyst

Job highlights