hirist

Job Description

Description :



We are seeking a Compliance and Information Security Specialist to support and grow our compliance and privacy programs.

This role is hands-on; you will be responsible for implementing controls, monitoring compliance status, and supporting certifications across industry standards.

You'll also play a key role in helping us implement India's Digital Personal Data Protection (DPDP) Act and ensuring our security practices align with frameworks like CIS Benchmarks and NIST.

This is an excellent opportunity for someone with 2-3 years of experience who wants to expand their career into compliance, security, and privacy within a high-growth company.

Compliance And Standards :



The core responsibilities for the job include the following :



- Support compliance programs across ISO 27001, 27017, 27018, 27701, SOC 2 Type II, and CASA.


- Maintain trackers, evidence sheets, and control status dashboards.


- Flag delays or risks and proactively follow up with stakeholders.

DPDP (India) Implementation :



- Assist in implementing the Digital Personal Data Protection Act (DPDP) requirements.


- Help draft privacy notices, consent frameworks, and incident/breach response procedures.


- Track evolving DPDP updates and align practices accordingly.

Audit And Risk Management :



- Prepare documentation and evidence for audits (internal/external).


- Coordinate with auditors and certification bodies.


- Monitor corrective actions to closure.


- Apply CIS Benchmarks and NIST controls as baselines for system hardening and security posture.

Awareness And Culture :



- Conduct employee training on compliance, privacy, and security awareness.


- Work with IT, HR, and Engineering teams to integrate compliance into daily operations.


- Promote a compliance-first mindset across the company.

Requirements :


- 2 - 3 years of experience in compliance, security, or privacy roles.


- Working knowledge of at least one compliance framework (ISO 27001, SOC 2, CASA, GDPR, DPDP).


- Awareness of CIS Benchmarks (system hardening) and NIST frameworks (CSF, 800-series).


- Strong organizational and documentation skills.


- Ability to maintain trackers, evidence sheets, and communicate effectively with cross-functional teams.


- Proactive, detail-oriented, and comfortable following up with teams to keep processes on track.

Nice To Have :



- Entry-level certifications such as ISO 27001 Associate, CISA Foundation, or CompTIA Security+.


- Experience in fast-growing startups or mid-sized companies handling sensitive data.

Desired Skills and Experience : Application Security, Information Security, Vulnerability Assessment

