Evonsys India

Information Security Compliance Analyst

Hyderabad, Telangana, India (Hybrid) Full time

Experience: 2–5 yrs
Salary:
Vacancies: 1
Posted: 1 day ago

Job description

Role overview

EvonSys is hiring an Information Security Compliance Analyst to help run and improve its compliance programs across ISO/IEC 27001:2022, SOC 2 Type II, and ISO/IEC 27701 (PIMS). This position blends compliance with hands-on technical collaboration, working with engineering, DevOps, infrastructure, cloud, and IT operations teams to turn control requirements into practical actions and audit-ready evidence.

The role is based in Hyderabad or Chennai, India, with a hybrid work arrangement and full-time permanent employment. It reports to the Head of IT. The ideal candidate should be able to make security compliance workable in real environments rather than treating it as a checkbox exercise. Experience with AI-assisted development, AI security tools, compliance automation, or AI governance is a strong plus.

Bridge between compliance and technical teams

  • Serve as the primary coordination point between compliance and technical groups such as engineering, DevOps, infrastructure, cloud, and IT operations.
  • Convert ISO 27001, SOC 2, and ISO 27701 requirements into actionable technical guidance and implementation details.
  • Partner with technical teams to design, deploy, and test controls covering IAM, encryption, logging and monitoring, vulnerability management, network segmentation, and secure SDLC/CI/CD practices.
  • Build compliance into architecture reviews, change management, onboarding of new systems, and cloud service assessments.
  • Evaluate technical evidence including configuration exports, pipeline results, vulnerability scans, log excerpts, access reviews, and monitoring records.
  • Support automation efforts using policy-as-code, CI/CD control gates, configuration baselines, evidence workflows, and continuous control monitoring.

ISO/IEC 27001:2022 responsibilities

  • Help implement, run, and continuously improve the Information Security Management System (ISMS).
  • Coordinate risk assessments, Statement of Applicability reviews, Annex A mapping, and risk treatment plans.
  • Prepare and maintain ISMS records, procedures, registers, evidence bundles, and audit documentation.
  • Assist with internal, certification, and surveillance audits, including actions required after audits with certification bodies.
  • Track nonconformities, observations, corrective actions, and improvement items through closure.

SOC 2 Type II responsibilities

  • Support the SOC 2 Type II process from readiness review through evidence gathering, auditor coordination, and report completion.
  • Map Trust Services Criteria to internal controls and maintain evidence showing both design and operating effectiveness.
  • Work with control owners to confirm controls remain effective throughout the audit period.
  • Maintain a steady year-round compliance posture through ongoing monitoring and organized evidence handling.

ISO/IEC 27701 / privacy management

  • Assist with implementing and maintaining the Privacy Information Management System as part of the ISMS.
  • Align privacy controls with GDPR, PDPA, CCPA, and other applicable cross-border privacy requirements.
  • Maintain privacy documentation such as RoPA, DPIAs, cross-border transfer records, and privacy control evidence.
  • Work with Legal, Compliance, business, and technical stakeholders to integrate privacy-by-design into systems and processes.

AI-assisted compliance and governance

  • Use AI-enabled tools such as GitHub Copilot, Cursor, Claude, ChatGPT, or similar solutions to support compliance automation, dashboards, and evidence processes.
  • Apply AI-based security or compliance tools for monitoring, anomaly detection, log review, and control validation where suitable.
  • Keep up with emerging AI governance frameworks such as ISO/IEC 42001, the EU AI Act, and the NIST AI RMF.
  • Contribute to responsible AI practices, controls for AI-assisted development, and internal guidance for secure and compliant use of AI tools.

Required background

This role requires an ISO/IEC 27001:2022 Lead Implementer or Lead Auditor certification. Candidates should also bring formal ISO/IEC 27701 training, implementation experience, or equivalent privacy management exposure. The expected experience level is around 2 to 5 years in information security compliance, with at least 2 to 3+ years of direct involvement in ISO 27001 and SOC 2 programs, including SOC 2 Type II audit support and auditor interaction.

A strong technical foundation is important, including familiarity with AWS, Azure, or GCP; networking; IAM; endpoint and server protection; and modern DevOps practices. Practical experience with CI/CD pipelines, version control, containers, vulnerability management, logging, monitoring, and secure configuration is needed. The candidate should be able to translate compliance requirements into concrete technical tasks and explain those choices clearly to auditors and leadership.

Working knowledge of GDPR, PDPA, and CCPA is expected, along with the ability to connect privacy obligations to ISO/IEC 27701 controls. Strong documentation, stakeholder management, follow-up, and prioritization skills are also essential.

Preferred background

  • ISO/IEC 27701 Lead Implementer certification, privacy certification, or comparable PIMS implementation experience.
  • Experience supporting SOC 2 readiness and audit work across multiple Trust Services Criteria.
  • Hands-on use of GRC platforms and evidence management tools.
  • Experience creating compliance dashboards, control monitoring reports, or automation scripts with AI-assisted tools.
  • Familiarity with AI governance frameworks such as ISO/IEC 42001, NIST AI RMF, and responsible AI control practices.

Why this role stands out

  • Join a team that treats compliance as a business enabler rather than a paperwork exercise.
  • Work across ISO 27001, SOC 2, ISO 27701, privacy, AI governance, and technical security controls in one integrated program.
  • Collaborate closely with engineering and infrastructure teams to make controls practical, automated, and sustainable.
  • Help build a modern compliance function that uses AI, automation, continuous monitoring, and improved evidence management.
  • Gain exposure to global compliance standards, audit programs, certifications, and professional development opportunities.

Company information

EvonSys helps leading organizations improve operations by using low-code platforms. Since 2015, the company has supported multinational banks, automotive manufacturers, insurance companies, retailers, and government organizations in automating operations, reducing risk, and improving people management through its solution suite. The business began with Pega and now operates across platforms including Mendix, OutSystems, and Salesforce.

Compensation and employment details

This is a full-time, permanent role in a hybrid work setup. The company states that it provides a competitive remuneration package, comprehensive benefits, and a professional environment where ownership, practical thinking, and continuous improvement are valued.
