We’re Hiring Information Security & Compliance Analyst

Information Security & Compliance AnalystIn Office | Full-Time | Gurugram, IndiaDepartmentInformation Security & ComplianceReports ToInformation Security LeadExperience2–4 years in GRC / Compliance / Internal AuditEducationBachelor’s in Information Security, Computer Science, IT, or related fieldAbout the RoleWe are a healthcare services and technology company serving 270+ healthcare organizations across the US. Our Information Security program is in a high-growth phase, with active certification and compliance initiatives underway across HITRUST, SOC 2, and ISO 27001.We are looking for a hands-on compliance execution specialist who will drive our day-to-day security compliance operations. You will work under the direction of our Information Security Lead (a senior consultant with deep healthcare security expertise) and alongside a dedicated Security Operations team. This role focuses on audit readiness, evidence management, vendor compliance, and policy lifecycle management. Our compliance operations run on the Sprinto GRC platform.ResponsibilitiesAudit Readiness & Evidence ManagementOwn the end-to-end evidence collection pipeline for HITRUST, SOC 2, and ISO 27001 auditsMaintain and organize the evidence repository (via Sprinto) with zero gaps and audit-trail integrityCoordinate with cross-functional teams (IT, HR, Operations) to gather evidence on schedulePrepare audit working papers and support internal and external audit engagementsTrack audit findings, remediation action items, and closure timelinesPolicy & Compliance Lifecycle ManagementDraft, review, and maintain security policies aligned to NIST CSF, ISO 27001, and HIPAA requirementsManage policy version control, approval workflows, and acknowledgment trackingMonitor regulatory changes (HIPAA updates, state privacy laws, emerging standards) and flag implicationsRespond to customer compliance questionnaires and security assessments accurately and on timeManage BAA (Business Associate Agreement) compliance documentationRisk Assessment & Vendor ComplianceSupport quarterly risk assessments — data collection, evidence gathering, risk scoringMaintain the risk register and track remediation progress against target timelinesConduct vendor security assessments as part of the third-party risk management programTrack vendor compliance status, BAA execution, and security posture documentationSupport DLP (Data Loss Prevention) controls monitoring and reportingSecurity Awareness & ReportingDevelop and coordinate security awareness training content (HIPAA, data handling, incident reporting)Track training completion rates and phishing simulation performance metricsSupport incident response documentation and post-incident reportingPrepare monthly compliance status reports for managementEarly Impact OpportunitiesThis role offers the chance to make a visible contribution from day one. Within your first six months, you will be directly supporting active HITRUST and SOC 2 certification efforts, building evidence pipelines from the ground up, and establishing the compliance processes that the organization will run on going forward. You will have a front-row seat to three concurrent certification programs — a rare level of exposure at this career stage.Scope & FocusThis role sits squarely in the governance, risk, and compliance (GRC) domain. Security strategy and architecture are owned by the Information Security Lead, while technical security operations (vulnerability management, incident response, access controls) are handled by a separate team. Your focus is on keeping the compliance engine running — evidence, documentation, audit readiness, policy lifecycle, and vendor compliance. If you enjoy building structured, repeatable processes and take pride in keeping things organized and audit-ready, this is the right fit.Must-Have Qualifications2–4 years of experience in GRC, compliance, or internal audit — preferably in healthcare or a regulated industryWorking knowledge of HIPAA/HITECH compliance requirements with hands-on audit or compliance program experienceExperience with at least one GRC platform (Sprinto, Vanta, Drata, OneTrust, or similar). Sprinto experience is a strong plus.Hands-on experience with evidence collection, audit preparation, and working with external auditorsFamiliarity with ISO 27001, SOC 2, or HITRUST frameworks (direct experience with at least one required)Strong documentation and written communication skillsSelf-driven execution style — you take direction well and proactively identify what needs to happen nextNice-to-HaveCertifications: ISO 27001 Lead Implementer/Internal Auditor, CISA, CRISC, or HITRUST CCSFPExperience in a BPO/KPO or healthcare services environment with multi-geography operationsExposure to vendor risk management and third-party security assessmentsExperience supporting HITRUST validated or certified assessmentsFamiliarity with NIST CSF frameworkWhy Join UsWork directly with a senior security consultant who will mentor your growth in healthcare complianceExposure to three concurrent certification programs (HITRUST, SOC 2, ISO 27001) — accelerated learning curveClear growth path to Compliance Manager / GRC Manager within 24–36 months based on performanceMulti-geography exposure across US, India, and Philippines operationsPerformance-linked bonus tied to certification milestones and operational delivery

Apply Now


Discover more from Whitehattoolbox Jobs

Subscribe to get the latest posts sent to your email.

By Admin

Leave a Reply