Senior Security & Compliance Analyst

Senior Security & Compliance Analyst

Location : New Delhi, India

About ThrivePass :

At ThrivePass, were on a mission to help employees and businesses Thrivebecause benefits should be more than just checkboxes.

Through personalized benefits technology, data-driven insights, and meaningful experiences, we empower companies to support their teams in ways that truly matter.

We dont just talk about culturewe build it.

Everything we do is rooted in our CARE values :

- Courageous : We embrace new challenges and fresh ideas.

- Authentic : We show up as our true selves and value transparency.

- Resourceful : We find creative solutions and make things happen.

- Excellent : We hold ourselves accountable and take pride in our work.

At ThrivePass, performance isnt just about hitting goalsits about how you show up. We invest in our employees growth and encourage bold thinking, collaboration, and continuous learning.

Join us in shaping the future of employee benefits!

About the Role :

This role plays a critical part in shaping our security policies, preparing for audits, and fostering a culture of compliance across the company.

Youll work closely with cross-functional teams, external auditors, and vendors to ensure our operations meet regulatory and customer expectations.

Responsibilities :

Compliance & Risk Management :

- Stay up to date with all relevant regulatory and compliance frameworks, including but not limited to SOC 2 Type II, GDPR, HIPAA, CCPA & PCI DSS.

- Ensure continuous compliance with all applicable frameworks through regular assessments, gap analysis, and remediation plans.

- Coordinate and prepare for third-party audits, penetration tests, and compliance assessments.

- Own and manage policy creation and documentation aligned with the latest standards and regulations.

- Lead Business Continuity and Disaster Recovery (BCDR) testing and facilitate regular security incident response simulations.

- Support and complete vendor security questionnaires using tools like Vanta AI, while supplementing with manual responses as needed.

Security Operations & Incident Response :

- Lead root cause analysis, stakeholder coordination, and response for security incidents and events.

- Manage SIEM tools (e.g., Azure Sentinel) to ensure actionable logging, threat detection, and reporting.

- Conduct internal and external audits including vulnerability assessments and risk analysis to proactively identify threats.

Cross-Functional Collaboration :

- Partner with engineering, product, IT, and legal teams to embed security best practices across all technical and operational workflows.

- Act as a strategic partner, ensuring compliance efforts are enablingnot blockingbusiness innovation.

- Champion security awareness across the company through training and enablement programs.

Reporting & Program Ownership :

- Own and maintain KPIs to track and improve compliance and security performance.

- Drive projects from initiation to completion using strong project management methodologies.

- Make compliance approachable and easy to understand for all employees.

Requirements :

Must-Have :

- Proven experience in a dedicated security, compliance, or information security role.

- Deep knowledge of key compliance standards (SOC 2, GDPR, HIPAA, CCPA, PCI DSS).

- Hands-on experience with SIEM tools (preferably Azure Sentinel).

- Strong understanding of security incident management and root cause analysis.

- Experience running audits, coordinating penetration tests, and managing risk registers.

- Proficiency in drafting and maintaining security policies.

- Excellent verbal and written communication skillscomfortable interfacing with both technical and non-technical audiences.

- Demonstrated ability to work cross-functionally and drive security initiatives from start to finish.

Nice-to-Have :

- Familiarity with compliance automation platforms (e.g., Vanta) and security awareness training tools (e.g., KnowBe4).

- Understanding of AI/automation workflows to improve compliance processes.

- Experience leading or mentoring other team members.

- Industry certifications: CISSP, CISA, CISM, CRISC, or equivalent.

- Strong analytical skills and a continuous improvement mindset.

Why Youll Love Working :

- Work in a fast-paced, innovative environment where your contributions will directly impact operations and scalability.

- Collaborate with forward-thinking teams that value efficiency, creativity, and experimentation.

- Be at the forefront of AI and automation adoption, learning and working with the latest tools and technologies.

- A culture that values courageousness, authenticity, resourcefulness, and excellence (we dont just say itwe live it).

- An inclusive and welcoming environment for all.

ThrivePass is committed to fostering a workplace where everyone feels valued and respected.