PitchMeAI
Scrut Automation

Infosec Researcher

Scrut Automation · India

  • Hybrid
  • Full-time
  • $100,000 / year
  • India

Job highlights

  • Infosec Researcher & Product Analyst role.
  • Design compliance frameworks for SaaS.
  • Collaborate with product/engineering teams.
  • Support security audits and client needs.
  • Remote position with competitive benefits.

About the role

Infosec Researcher & Product Analyst

Role Details

Position: Infosec Researcher & Product Analyst

Location: Remote

About SCRUT Automation

Scrut Automation is a one-stop shop for infosec compliance. It supports IT/ITES/SaaS companies in automating their information security compliance tasks and reduces manual work in maintaining compliance by ~70%. Founded by IIT/ISB/McKinsey alumni, the founding team has over 15 years of combined Infosec experience. Scrut is backed by Lightspeed Ventures and Endiya Partners, along with prominent angels from the global SaaS community.

The Scrut platform provides the fastest solution for achieving and maintaining compliance across global standards, including but not limited to SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, or CCPA, through its truly 'single window' operations. Scrut acts like an organization’s virtual CISO, so they can focus on their business and leave compliance to Scrut.

Overview Of The Job Profile

This role sits at the intersection of Information Security, Compliance, and Product Development. You will be responsible for designing and maintaining a common control framework that powers multiple compliance standards (e.g., ISO 27001, SOC 2, PCI-DSS, GDPR, DPDPA) within our platform. Working closely with product and engineering teams, this role requires strong collaboration with cross-functional teams and a keen interest in product development and building compliance automation solutions.

Responsibilities

  • Design and maintain common control mappings across multiple frameworks (ISO 27001, SOC 2, PCI-DSS, NIST 800-53, GDPR, DPDPA, etc.).
  • Collaborate with product and engineering teams to translate compliance requirements into product features and workflows.
  • Contribute to the development of the platform’s control library, evidence library, and policy templates.
  • Understand clients' policies and procedures and suggest improvement points related to Information Security.
  • Understand the setup of clients' cloud infrastructure and suggest improvement points related to Information Security.
  • Support internal and external audits (ISO 27001, SOC 2, etc.) from a framework and controls perspective.
  • Stay updated with evolving regulations and standards, and incorporate changes into the product’s compliance architecture.

Requirements

  • Degree in Engineering (Computer Science/IT), MCA, or Business Administration in a technology-related field required.
  • Minimum of 2-3 years of experience in Information Security, Governance, Risk, and Compliance.
  • Understanding of Unified/Secure Controls Framework.
  • Exposure to one or more infosec audits, and the implementation of ISO 27001/SOC 2, GDPR, and PCI DSS, is a must.
  • Professional security management certification (such as ISO 27001 Lead Auditor/Lead Implementer Certification, CISA, or CISSP) will be an added advantage.
  • Knowledge of security controls of AWS / Microsoft Azure / GCP will be an added advantage.
  • Excellent written and verbal communication skills and a high level of personal integrity.
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

Why should this job excite you?

  • Opportunity to make an early impact on one of the most promising, high-growth SaaS startups in India.
  • A high-performing action-oriented team.
  • Immense exposure to the founders and the leadership.
  • Opportunity to shape the future of B2B SaaS Customer Success with YOUR innovative ideas.
  • A competitive compensation package, benefits, and an employee-friendly work culture.

Note: Due to a high volume of applications, only the shortlisted candidates will be contacted by the HR team. We appreciate your interest and effort.

Key skills/competency

  • Information Security
  • Compliance Frameworks
  • Product Development
  • Risk Management
  • Audit Support
  • Cloud Security (AWS, Azure, GCP)
  • ISO 27001
  • SOC 2
  • GDPR
  • PCI DSS

Skills & topics

  • Infosec Researcher
  • Product Analyst
  • Information Security
  • Compliance
  • GRC
  • SaaS
  • Remote
  • ISO 27001
  • SOC 2
  • GDPR

How to get hired

  • Tailor your resume: Highlight experience in Information Security, GRC, and specific compliance standards like ISO 27001, SOC 2, GDPR, and PCI DSS. Quantify achievements in automating compliance tasks.
  • Showcase product acumen: Emphasize any experience translating compliance requirements into product features or workflows, demonstrating your interest in product development.
  • Prepare for technical questions: Be ready to discuss your understanding of unified/secure controls frameworks and cloud security controls (AWS, Azure, GCP).
  • Highlight leadership and communication: Provide examples of innovative thinking, leadership in cross-functional teams, and excellent written/verbal communication skills.
  • Research Scrut Automation: Understand their mission to automate infosec compliance and their target market. Mentioning their investors like Lightspeed Ventures can show engagement.

Technical preparation

  • Master common control frameworks.
  • Understand cloud security controls (AWS/Azure/GCP).
  • Familiarize yourself with infosec audit processes.
  • Practice translating requirements into features.

Behavioral questions

  • Describe a time you improved security processes.
  • How do you stay updated on regulations?
  • How do you collaborate with engineering teams?
  • Give an example of innovative thinking.

Frequently asked questions

What specific compliance frameworks does Scrut Automation focus on for their Infosec Researcher & Product Analyst role?
The Infosec Researcher & Product Analyst role at Scrut Automation focuses on designing and maintaining common control mappings across multiple frameworks including ISO 27001, SOC 2, PCI-DSS, NIST 800-53, GDPR, and DPDPA. Your expertise in these areas will be crucial.
What is the expected level of experience for the Infosec Researcher & Product Analyst position at Scrut Automation?
For the Infosec Researcher & Product Analyst role, Scrut Automation requires a minimum of 2-3 years of experience in Information Security, Governance, Risk, and Compliance. Experience with specific audits and implementations like ISO 27001/SOC 2, GDPR, and PCI DSS is a must.
Is the Infosec Researcher & Product Analyst role at Scrut Automation remote or on-site?
The Infosec Researcher & Product Analyst position at Scrut Automation is a remote role, offering flexibility in location for qualified candidates.
What kind of product development involvement is expected in the Infosec Researcher & Product Analyst role?
The Infosec Researcher & Product Analyst will collaborate closely with product and engineering teams to translate compliance requirements into tangible product features and workflows. You will contribute to the platform's control library and policy templates, playing a key role in product enhancement.
Are certifications like CISA or CISSP required for the Infosec Researcher & Product Analyst job at Scrut Automation?
While not strictly required, professional security management certifications such as ISO 27001 Lead Auditor/Lead Implementer, CISA, or CISSP are considered an added advantage for the Infosec Researcher & Product Analyst role at Scrut Automation.
What is Scrut Automation's unique selling proposition as mentioned in the job description for the Infosec Researcher & Product Analyst role?
Scrut Automation's unique selling proposition is being a one-stop shop for infosec compliance, automating tasks and significantly reducing manual work for IT/ITES/SaaS companies, acting as a virtual CISO.