Location: Pune, India
Employment Type: Full-time
About the Role
- We are seeking a Compliance & Information Security Specialist to support and grow our compliance and privacy programs.
- This role is hands-on: you will be responsible for implementing controls, monitoring compliance status, and supporting certifications across industry standards.
- You'll also play a key role in helping us implement India's Digital Personal Data Protection (DPDP) Act and ensuring our security practices align with frameworks like CIS Benchmarks and NIST.
- This is an excellent opportunity for someone with 2-3 years of experience who wants to expand their career into compliance, security, and privacy within a high-growth company.
Key Responsibilities:
Compliance & Standards:
- Support compliance programs across ISO 27001, 27017, 27018, 27701, SOC 2 Type II, CASA.
- Maintain trackers, evidence sheets, and control status dashboards.
- Flag delays or risks and proactively follow up with stakeholders.
DPDP (India) Implementation:
- Assist in implementing Digital Personal Data Protection Act (DPDP) requirements.
- Help draft privacy notices, consent frameworks, and incident/breach response procedures.
- Track evolving DPDP updates and align practices accordingly.
Audit & Risk Management:
- Prepare documentation and evidence for audits (internal/external).
- Coordinate with auditors and certification bodies.
- Monitor corrective actions to closure.
- Apply CIS Benchmarks and NIST controls as baselines for system hardening and security posture.
Awareness & Culture:
- Conduct employee training on compliance, privacy, and security awareness.
- Work with IT, HR, and Engineering teams to integrate compliance into daily operations.
- Promote a compliance-first mindset across the company.
Requirements:
- 2-3 years of experience in compliance, security, or privacy roles.
- Working knowledge of at least one compliance framework (ISO 27001, SOC 2, CASA, GDPR, DPDP).
- Awareness of CIS Benchmarks (system hardening) and NIST frameworks (CSF, 800-series).
- Strong organizational and documentation skills.
- Ability to maintain trackers, evidence sheets, and communicate effectively with cross-functional teams.
- Proactive, detail-oriented, and comfortable following up with teams to keep processes on track.
Nice to Have:
- Entry-level certifications such as ISO 27001 Associate, CISA Foundation, or CompTIA Security+.
- Experience in fast-growing startups or mid-sized companies handling sensitive data.
What Success Looks Like:
- Compliance records are always audit-ready and up to date.
- DPDP requirements are successfully rolled out across policies, processes, and systems.
- CIS/NIST baselines are applied across IT and cloud infrastructure.
- External audits and assessments are passed smoothly with minimal findings.