**Job Role and Responsibility** The Senior Information Security Analyst should ensure the following : Identify, assess, evaluate and maintain appropriate security governance within the cloud and internally controlled environments (policy, procedures, baselines, and monitoring); assessment of required security controls, and testing of adherence to required policies, procedures and monitoring. will collaborate with other members of the Security and IT Infra teams to define appropriate and effective information security controls and will work with the various business units to implement them. will also be responsible for performing gap analysis exercises while working collaboratively with Functional Business Unit like HR, Sales, Marketing, Infra and IT teams to implement required remediation effectively. **Essential functions for this role include** Perform a deficiency analysis and implement required ISO 27001 controls, ITGC controls to meet IT Policy and Regulatory Compliance requirements in the Signzy environment. Escalate and resolve security risks and issues as required. Develop and track towards the overall mission and GRC Roadmap Develop metrics and reporting to demonstrate information security compliance status. Communicate the compliance effectiveness to Management on a scheduled basis. Test for adherence to policy and regulatory controls, procedures, and standards. Work closely with both Internal and External audit teams and coordinate security compliance audits Prepare for engagement reviews and quality assurance activities. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures have been achieved timely. Perform impact analysis as needed where controls fail or are considered ineffective. Track mitigation steps and ensure that risks are managed appropriately and in a timely manner. Assist with other GRC activities as required. Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable GRC compliance initiative. Assist with integrating policy and regulatory compliance requirements into the organization’s processes (e.g., change control, mergers, and acquisitions) and life cycle activities. Manages timelines, resources, project plans, action item logs, status reports, and statistics to ensure milestones, goals, and commitments are met. Lead control integration efforts with new or existing systems and supporting architecture **Required Skills** 3-5 years of Compliance, Security, or IT Audit experience preferably. Working experience in Cloud Security Assessment, SOX ITGC, SOC 2, Privacy regulations- GDPR/CCPA/ PDPB(India Bill), ISO 27001:2013, NIST 800-53, Understanding of UIDAI, RBI - SEBI Security Guidelines, Biometrics regulatory experience is mandatory. Working knowledge of 3rd party assessment and filling 3rd party security questionnaires. Strong understanding of the application, network, operating system, and core infrastructure security concepts. Excellent written and verbal communication skills. Effective negotiating and problem-solving skills. Experience working with Internal and External Audit teams Proactive and detail orientated team player. Familiarity with common compliance frameworks such as ITIL, COBIT, COSO, ISO 27001, and industry-recognized guidance such as NIST a plus Strong analytical, diagnostic, critical thinking skills Ability to work efficiently and independently with minimal supervision Strong ability to represent data in graphical form