Compliance And Audit Lead

IT Compliance & Audit Lead ZS Governance, Risk & Compliance (GRC) Team

• Lead the development and execution of ZSs Continuous Compliance Monitoring (CCM) program across infrastructure, applications, and third-party vendors
• Collaborate cross-functionally with internal security, privacy, engineering, and operations teams to drive remediation and maturity of compliance gaps
• Serve as SME for security audits, helping interpret and implement compliance controls (e.g., ISO 27001, SOC 2 Type 2, NIST CSF, HIPAA, ESG reporting frameworks)
• Design and implement automated compliance checks and control testing routines aligned with risk appetite and audit requirements
• Conduct and support internal and external audits, including pre-audit readiness assessments, evidence collection, and issue remediation oversight
• Contribute to enterprise risk assessments, security profiling, and threat modeling to improve ZSs security posture
• Drive security incident post-mortems and track audit findings to closure with technical leads and business owners
• Assist in the maintenance and enhancement of security policies, procedures, and standards to reflect evolving risk and regulatory requirements
• Create training and awareness content related to policy adoption, audit preparedness, and security control responsibilities
• Provide metrics and executive-level reporting on compliance posture, audit outcomes, and CCM maturity
• Serve as a technical consultant in areas such as SIEM tuning, bounty hunting initiatives, and threat intelligence integration

Qualifications

• Bachelor's degree in Computer Science, Information Systems, or a related field
• 4+ years of hands-on experience in Information Security, Audit, Compliance, or GRC roles with technical depth
• Proven experience implementing or maturing compliance frameworks like ISO 27001, SOC 2 Type 2, HIPAA, NIST CSF, etc.
• Strong understanding of security tooling and architecture, including:
• SIEM platforms (e.g., Splunk, Sentinel, QRadar)
• Threat modeling and profiling tools
• Vulnerability management platforms
• Cloud security configurations (AWS, Azure, GCP)

• Experience with bug bounty programs or threat hunting initiatives is a plus
• Excellent communication skills; ability to articulate risk and compliance requirements to technical and non-technical stakeholders
• Certifications preferred: CISA, CISSP, CRISC, CISM, ISO Lead Auditor/Implementer, CEH

NO AGENCY CALLS, PLEASE.

• Like ZS in India on

  Facebook

• Follow ZS in India on

  Twitter

  and

  Instagram

• Follow ZS on

  LinkedIn

  for more job opportunities
• Subscribe to the ZS in India

  YouTube

  channel
• Explore the

  Life at ZS

  blog

ZSs accolades