Senior Compliance Analyst

Signzy is a digital trust system. We provide identification, background checks, forgery detection

and contract management systems which enable contracting in a trustable, safe, legal, and

convenient manner. Our biometric user authentication system and blockchain-based digital trail

ensure non-repudiation. This increases compliance and enforceability in the court of law. We

consist of a tech-savvy team and are backed by investors who are enthusiastic about creating

solutions with technology.

Working at Signzy

● At Signzy we breathe software and exploit the latest technologies to create the most

amazing products. We comprise a tech-savvy team and are backed by investors who are

enthusiastic about creating solutions using technology.

● Signzy is looking for an Compliance Analyst. If you think you have what it

takes to get the job done, this is an invitation to be a part of the future!

JD for role of Compliance Analyst - II

Responsibilities

• Development, implementation, and management of security policies, standards, guidelines, and procedures to ensure the ongoing improvement and maintenance of security posture in line with ISO 27001, SOC2 Type 2, PCI DSS etc.,
• Understand technical implementation details necessary to assess general and situational Information Security risk.
• Coordinate with multiple teams across the organization for the Audits
• Lead the Third Party Risk Management audits conducted by Banks and other Authorities
• Closely interact and work with Clients[Banks, Fintechs etc] in ensuring smooth audit process and TPRM
• Coordinate internal and external audits, ensuring timely collection of artifacts and responses.
• Manage the end-to-end vendor/partner onboarding risk process - due diligence, risk assessment, contract compliance, and continuous monitoring.
• Maintain and improve the enterprise GRC framework aligned to ISO 27001/27701, SOC 2, PCI-DSS
• Support risk assessments (operational, cyber, privacy) and maintain risk registers.
• Design, implement, maintain, and improve programs to address key company risks and prepare internal teams for independent assessments against a wide variety of regulatory and compliance frameworks.
• Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53)
• Understanding of security best practices (Password security, device security etc) in the context of Security Training and Awareness
• Conduct internal control testing and compliance reviews across infrastructure, applications, and processes.
• Establishing appropriate levels of security controls, systems monitoring, and security audits.
• Assisting in the security engineering team with prioritizing patches and security fixes.
• Improve controls for internal systems, processes, and policies.
• Support the execution of multiple audit programs internally and externally.
• Provide clear expectations and direction to security and engineering teams on audit requirements.

Requirements

Must Have

• 3+ years of proven experience in information security, audit, compliance, risk assessment, and management.
• Hands-on experience in managing and driving security compliance mainly ISO 27001, PCI DSS, Data Localization and Bank Audits
• Ability to prioritise, manage, and deliver on multiple projects simultaneously and partner with management in support of key initiatives and projects.
• Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
• Experience developing and producing security metrics and reports that are meaningful and actionable across various audiences.
• In-depth understanding of the regulatory requirements and trends in the FinTech domain.
• Ability to communicate to management, technical, and non-technical persons about the risk associated with the business.
• Defining and maintaining the policies as per ISMS framework
• Monitor third-party risk assessments and assist in performing internal risk assessments.

Good to Have

• Certifications such as ISO27001 Lead Auditor/Implementer
• CISA/CISM certification would be a plus
• Ability to use basic automation/scripting (Python, SQL) for evidence collection.
• Experience with SIEM/SOC outputs to validate alerts as audit evidence.
• Knowledge of data governance/DLP tools.
• Awareness of AI/ML governance and evolving regulatory frameworks.
• Skills in continuous compliance (CI/CD, IaC scanning).
• Well-versed with data security and data privacy.
• Strong team player, but can work and execute independently
• Brilliant written, verbal communication, and interpersonal skills