Compliance & Audit Lead

We are seeking a dynamic IT Compliance & Audit Lead to join our Governance, Risk & Compliance (GRC) team in Pune. This role will be pivotal in driving the implementation and evolution of ZSs Continuous Compliance Monitoring (CCM) program. The ideal candidate will bring hands-on technical security expertise, a strong audit and risk management mindset, and the ability to collaborate across technical and business stakeholders.

What youll do:

• Lead the development and execution of ZSs Continuous Compliance Monitoring (CCM) program across infrastructure, applications, and third-party vendors
• Collaborate cross-functionally with internal security, privacy, engineering, and operations teams to drive remediation and maturity of compliance gaps
• Serve as SME for security audits, helping interpret and implement compliance controls (e.g., ISO 27001, SOC 2 Type 2, NIST CSF, HIPAA, ESG reporting frameworks)
• Design and implement automated compliance checks and control testing routines aligned with risk appetite and audit requirements
• Conduct and support internal and external audits, including pre-audit readiness assessments, evidence collection, and issue remediation oversight
• Contribute to enterprise risk assessments, security profiling, and threat modeling to improve ZSs security posture
• Drive security incident post-mortems and track audit findings to closure with technical leads and business owners
• Assist in the maintenance and enhancement of security policies, procedures, and standards to reflect evolving risk and regulatory requirements
• Create training and awareness content related to policy adoption, audit preparedness, and security control responsibilities
• Provide metrics and executive-level reporting on compliance posture, audit outcomes, and CCM maturity
• Serve as a technical consultant in areas such as SIEM tuning, bounty hunting initiatives, and threat intelligence integration

What youll bring:

• Bachelor's degree in Computer Science, Information Systems, or a related field
• 4+ years of hands-on experience in Information Security, Audit, Compliance, or GRC roles with technical depth
• Proven experience implementing or maturing compliance frameworks like ISO 27001, SOC 2 Type 2, HIPAA, NIST CSF, etc.
• Strong understanding of security tooling and architecture, including:
• SIEM platforms (e.g., Splunk, Sentinel, QRadar)
• Threat modeling and profiling tools
• Vulnerability management platforms
• Cloud security configurations (AWS, Azure, GCP)
• Experience with bug bounty programs or threat hunting initiatives is a plus
• Excellent communication skills; ability to articulate risk and compliance requirements to technical and non-technical stakeholders
• Certifications preferred: CISA, CISSP, CRISC, CISM, ISO Lead Auditor/Implementer, CEH