Business Analyst (SOC 2)

We are seeking a highly skilled Business Analyst with strong expertise in process assessment, compliance frameworks, and system mapping to support our SOC 2 compliance initiative. The ideal candidate will have a proven track record of analyzing business processes, identifying gaps, and driving process improvements across technology and business functions. This role will be central to bridging business, technology, and compliance requirements, ensuring successful execution of our SOC 2 program.

Key Responsibilities:

• Assessment & Scoping

Conduct inventory of systems, applications, and processes in scope. Map SOC 2 Trust Services Criteria to applicable systems/processes.

• Controls Mapping & Gap Analysis

Perform detailed analysis of current development practices vs. SOC 2 requirements. Document gaps and define actionable remediation plans.

• Process Design & Enhancement

Develop and document SOPs, control policies, and compliance workflows. Collaborate with development, IT, and compliance teams to refine processes.

• Implementation Support

Partner with teams to roll out compliance processes and tool configurations. Monitor adoption, identify challenges, and propose refinements.

• Evidence Collection & Management

Define mechanisms for capturing, storing, and tracking compliance evidence. Work with stakeholders to maintain dashboards/repositories linking controls to evidence.

• Monitoring & Continuous Improvement

Support internal audits, prepare compliance reports, and track KPIs. Recommend ongoing improvements to ensure evolving compliance effectiveness.

Required Skills & Qualifications:

• 8–10 years of experience in Business Analysis, Process Improvement, or IT Compliance.
• Strong knowledge of SOC 2 compliance frameworks (or equivalent: ISO 27001, HIPAA, PCI DSS).
• Proven ability to perform gap analysis, control design, and documentation.
• Hands-on experience with SDLC processes, automation platforms, and logging/monitoring tools.
• Excellent skills in requirements gathering and stakeholder management.
• Experience with process standards like ISO, CMMi, etc.
• Strong analytical mindset with ability to translate compliance needs into operational processes.
• Excellent communication skills – able to engage with technical and non-technical stakeholders.

Preferred Skills:

• Exposure to low-code/no-code platforms (e.g., Power Automate, Power Apps).
• Familiarity with evidence management tools, GRC platforms, or compliance dashboards.
• Experience working in regulated environments (BFSI, Healthcare, or SaaS).
• Certifications in CISA, CISM, or Business Analysis (CBAP/CCBA) are a plus.