Cloud Security & GRC Specialist

As a Security & Compliance Lead at the company, you will play a crucial role in owning and executing end-to-end security audits and compliance initiatives across applications, infrastructure, and organizational processes. Your responsibilities include: - Conducting technical assessments required by new BFSI clients, such as VRA and security checklists. - Analyzing and completing detailed cloud infrastructure security and compliance questionnaires. - Assisting in mapping customer security and regulatory requirements to internal controls. - Maintaining documentation and templates for commonly requested BFSI assessment artifacts. - Managing and completing security questionnaires from clients, vendors, and partners. - Evaluating vendor security and compliance by reviewing their responses and supporting documentation. - Identifying security risks within the company's IT infrastructure, applications, and services. - Ensuring compliance with security standards such as ISO 27001, GDPR, SOC 2, and other relevant frameworks. - Collaborating with internal teams to maintain compliance with legal and regulatory requirements. - Working with IT security, legal, and procurement teams to address concerns identified in security assessments. - Developing and maintaining internal security policies and procedures related to vendor assessments and third-party risk management. - Preparing detailed reports summarizing findings from security assessments and risk analysis. - Providing recommendations to improve security measures and compliance. - Educating internal staff and external partners about security best practices and compliance requirements. - Supporting pre-sales and onboarding teams with timely delivery of assessment documentation. - Staying updated with AWS best practices, shared responsibility model, and emerging cloud security trends. Qualifications that would be good to have for this role include: - Bachelor's degree in computer science, Information Security, Data Science, or a related field. - 5+ years of experience working with Audit/compliance, application security assessments, AWS cloud security preferably in the BFSI domain. - 2+ years of experience in AWS cloud security and risk assessments. - Strong exposure to AWS cloud infrastructure components such as Guard Duty, security hub, inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc. - Familiarity with secure coding practices, vulnerability management, and threat modeling. - Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients. - Familiarity with information security standards such as ISO 27001, SOC 2, RBI cybersecurity framework. - Strong understanding of data protection and encryption methodologies. - Ability to interpret and explain security configurations and policies in layman's terms. - Experience with security controls, vulnerability scanning tools (e.g., Nessus, Wireshark), or SIEM. - Exposure to security tools such as network firewall, IPS/IDS is a plus.,