29 days ago
Information Security and Compliance Analyst
INDmoney
On Site
Full Time
₹800,000
Gurugram, Haryana, India
Job Overview
Job TitleInformation Security and Compliance Analyst
Job TypeFull Time
Offered Salary₹800,000
LocationGurugram, Haryana, India
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
Information Security & Compliance Analyst - CISO Office
INDmoney is a regulated fintech company (ISO 27001:2022, PCI-DSS v4.0.1) operating in a multi-framework, high-audit environment. We are seeking an execution-focused Information Security & Compliance Analyst to support the CISO Office. This role requires strong structure, coordination, and the ability to handle multiple audits, offering high accountability and deep exposure to India’s fintech regulatory landscape.
Key Responsibilities:
Audit Coordination & Execution
- End-to-end audit coordination (internal/external across all frameworks).
- Drive evidence collection with cross-functional teams; ensure timely submissions.
- Maintain a master audit calendar (timelines, dependencies, parallel audits).
- Track findings, ensure closure, and escalate blockers.
- Manage audit logistics, kick-offs, and status reporting.
Compliance Monitoring & Control Tracking
- Maintain live compliance trackers; monitor control effectiveness.
- Conduct internal reviews/gap assessments for audit readiness.
- Track remediation and report status to CISOs.
- Support audit readiness and evidence planning.
Evidence & Artefact Management
- Own a structured, audit-ready evidence repository.
- Standardize templates for recurring audits.
- Ensure artefact completeness, accuracy, and version control.
- Periodically review the repository for freshness.
Policy & Documentation Management
- Maintain/update policies, SOPs, and standards.
- Ensure alignment with actual practices and audit requirements.
- Manage versioning, approvals, and distribution.
Third-Party & Partner Audit Support
- Coordinate TPSA/TPRS and partner audits.
- Manage security questionnaires and due diligence.
- Act as SPOC for auditors and internal teams.
Risk & Finding Management
- Maintain a central risk & findings register (audits, VAPT, reviews).
- Track remediation, flag high-risk/aged items, and escalate.
- Support risk assessment and prioritization.
VAPT & Technical Audit Support
- Coordinate VAPT for cloud, APIs, and mobile apps.
- Track findings, drive closure, and validate remediation.
- Maintain VAPT history and reporting.
Qualifications:
- Bachelor’s in Computer Science / IT / Information Security or related field.
- 2–5 years’ experience in InfoSec, IT audit, GRC, or compliance, preferably in regulated fintech/financial services.
- Hands-on exposure to at least 2–3 frameworks: ISO 27001, PCI-DSS, RBI IS, SEBI, IRDAI.
- Experience in external audit coordination and evidence management.
- Proficiency with Excel/Sheets, Confluence, Jira, or GRC/project tools.
Preferred Qualifications:
- Working knowledge of AWS security (IAM, VPC, logging, security groups).
- Understanding of application security, VAPT lifecycle, vulnerability management.
- Exposure to third-party/vendor risk assessments.
- Certifications (ISO 27001 LA/LI, CISA or equivalent) are a plus.
- Experience in multi-regulatory compliance environments strongly preferred.
Key Skills & Competencies:
- Audit & Compliance Acumen: Ability to interpret regulations, map to controls, and collect relevant evidence.
- Structured Tracking: Able to manage & prioritise concurrent audit activities without dropping threads.
- Attention to Detail: Precise in documentation, evidence labelling, & artefact quality.
- Stakeholder Communication: Confidently engages with internal teams and external auditors.
- Process Discipline: Adheres to structured timelines, escalation paths, and documentation standards.
- Problem Solving: Identifies gaps, anticipates audit risks, and drives practical remediation.
Role Positioning & Expectations:
- This is an execution-heavy role with high operational ownership across audits.
- It offers high visibility with direct CISO exposure.
- Expect a strong learning curve across India’s fintech regulatory landscape.
- You will be accountable for timelines, quality, and compliance outcomes.
Key skills/competency:
- Information Security
- Compliance
- Audit Coordination
- GRC
- ISO 27001
- PCI-DSS
- Risk Management
- VAPT
- Fintech
- AWS Security
How to Get Hired at INDmoney
- Tailor your resume: Highlight your experience in fintech compliance, ISO 27001, and PCI-DSS. Quantify achievements in audit coordination and evidence management.
- Showcase GRC skills: Emphasize your proficiency with tools like Jira, Confluence, or GRC platforms and your structured approach to tracking.
- Prepare for technical questions: Be ready to discuss AWS security, VAPT lifecycle, and common fintech regulatory frameworks.
- Demonstrate communication: Practice explaining complex compliance issues clearly and concisely for both technical and non-technical stakeholders.
- Understand INDmoney: Research their regulated fintech status and commitment to security standards like ISO 27001 and PCI-DSS.
Frequently Asked Questions
Find answers to common questions about this job opportunity
01What frameworks is INDmoney compliant with, and how does this role support them?
02What is the day-to-day involvement of an Information Security & Compliance Analyst at INDmoney?
03What kind of experience is most valuable for this Information Security & Compliance Analyst role at INDmoney?
04How does INDmoney support professional development for its Information Security & Compliance Analysts?
05What technical skills are important for the Information Security & Compliance Analyst position?
06What does 'execution-heavy' mean for this role at INDmoney?
07How important is experience with multiple frameworks for this role?
Explore similar opportunities that match your background