Sr Compliance

While technology is the heart of our business, a global and diverse culture is the heart of our success. We love our people and we take pride in catering them to a culture built on transparency, diversity, integrity, learning and growth.
If working in an environment that encourages you to innovate and excel, not just in professional but personal life, interests you- you would enjoy your career with Quantiphi!

Job Description
Role: Compliance/Security Specialist
Experience Level: 6+ Years
Work location: Bangalore, Mumbai (Hybrid)

As a Compliance/Security Specialist, you will be the architect of trust and security standards for our enterprise clients. Your primary mission is to design, implement, and maintain robust security frameworks that align with global regulatory requirements and industry best practices. You will bridge the gap between technical security protocols and business compliance, ensuring that the organization’s digital assets are protected while meeting all legal and contractual obligations.

What You'll Do:

• Standardization & Framework Creation: Lead the design and rollout of comprehensive Information Security Management Systems (ISMS). You will develop internal security standards and policies based on global frameworks such as ISO 27001, NIST CSF, and SOC 2.
• Security Protocol Development: Define and standardize security protocols for identity management (MFA/IAM), data encryption, network security, and cloud environments (AWS/Azure/GCP).
• Experience in security governance, security risk management, security operations, security architecture, and/or cyber incident response programs for cloud
• Gap Analysis & Risk Assessment: Conduct deep-dive assessments to identify vulnerabilities in existing processes. You will translate these technical gaps into business risks and provide actionable remediation
• roadmaps.
• Audit Readiness & Management: Act as the primary liaison for internal and external auditors. You will manage the lifecycle of audit findings, ensuring that non-compliance issues are tracked and closed within stipulated timelines.
• Third-Party Risk Management (TPRM): Evaluate the security and compliance posture of vendors and third-party partners to ensure they meet the organization’s rigorous security benchmarks.
• Regulatory Monitoring: Stay ahead of the curve on emerging global regulations (GDPR, CCPA, Digital Personal Data Protection) and update organizational frameworks to ensure continuous compliance.

What You'll Need:

• Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Experience: 5+ years of experience in cybersecurity compliance, ideally within a GSI or professional services environment.
• Certifications (Preferred): * Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• ISO 27001 Lead Auditor/Implementer
• Certified in Risk and Information Systems Control (CRISC)
• Expert knowledge of ISO/IEC 27001, NIST 800-53, SOC 2 Type II, PCI-DSS, and HIPAA.
• Knowledge in GCP, including Google Cloud Professional Certifications (Security, Architect) and other industry certifications (CISSP, CCSP etc)
• Deep understanding of SSL/TLS, IPsec, OAuth 2.0, Zero Trust Architecture, and Endpoint Protection protocols.
• Hands-on experience with GRC platforms like ServiceNow GRC, MetricStream, or OneTrust.
• Familiarity with cloud-native compliance tools (e.g., Azure Purview, AWS Artifact, Google Cloud Compliance Reports).