Information Security Analyst
EvonSys
Job Description
Designation: Information Security Compliance Analyst
Experience: 2 - 5 years
Location: Hyderabad / Chennai - India (Hybrid)
Employment Type: Full-Time, Permanent
Work Mode: Hybrid
Reports To: Head of IT

About the Role
EvonSys is looking for a practical, technically aware Information Security Compliance Analyst to help strengthen and sustain our compliance programmes across ISO/IEC 27001:2022, SOC 2 Type II, and ISO/IEC 27701 Privacy Information Management System (PIMS). This role sits at the intersection of compliance, engineering, DevOps, infrastructure, and IT operations. The successful candidate will translate control requirements into clear technical actions, work closely with engineers to implement those controls, and ensure the evidence we maintain is audit-ready, meaningful, and aligned with day-to-day operations.
This is not a tick-box compliance position. We are looking for someone who understands how security controls work in real environments and can make compliance practical, sustainable, and useful for the business. Experience with AI-assisted development, AI-enabled security tooling, compliance automation, or AI governance will be a strong advantage.
Key Responsibilities

Bridge Compliance and Engineering
Act as the main point of coordination between Compliance and technical teams, including engineering, DevOps, infrastructure, cloud, and IT operations.
Translate ISO 27001, SOC 2, and ISO 27701 control requirements into practical technical specifications and implementation guidance.
Work with technical teams to design, implement, and validate controls across IAM, encryption, logging and monitoring, vulnerability management, network segmentation, and secure SDLC / CI/CD practices.
Embed compliance-by-design into architecture reviews, change management, new system onboarding, and cloud service evaluations.
Review technical evidence such as configuration exports, pipeline outputs, vulnerability scan results, log samples, access reviews, and monitoring records.
Support compliance automation through policy-as-code, CI/CD control gates, configuration baselines, evidence workflows, and continuous control monitoring.
ISO/IEC 27001:2022 - Information Security Management
Support the implementation, operation, and continuous improvement of the Information Security Management System (ISMS).
Coordinate risk assessments, Statement of Applicability (SoA) reviews, Annex A control mapping, and risk treatment plans.
Prepare and maintain ISMS documentation, registers, procedures, evidence packs, and audit records.
Support internal audits, certification audits, surveillance audits, and follow-up actions with certification bodies.
Track nonconformities, observations, corrective actions, and improvement items through to timely closure.

SOC 2 Type II - Trust Services Criteria
Support the SOC 2 Type II audit lifecycle, from readiness assessment through evidence collection, auditor liaison, and report issuance.
Map applicable Trust Services Criteria to internal controls and maintain clear evidence of design and operating effectiveness.
Coordinate with technical control owners to ensure controls operate consistently throughout the audit period.
Maintain a year-round compliance posture through continuous control monitoring and structured evidence management.
ISO/IEC 27701 / PIMS - Privacy Information Management
Support the implementation and maintenance of the Privacy Information Management System as an extension of the ISMS.
Align privacy controls with GDPR, PDPA, CCPA, and other relevant multi-jurisdictional privacy requirements.
Maintain privacy records such as RoPA, DPIAs, cross-border transfer documentation, and privacy control evidence.
Work with Legal, Compliance, business, and technical teams to embed privacy-by-design into systems and processes.

AI-Assisted Compliance, Automation, and AIMS
Use AI-assisted tools such as GitHub Copilot, Cursor, Claude, ChatGPT, or similar platforms to support compliance automation, dashboards, and evidence workflows.
Apply AI-enabled security or compliance tooling for monitoring, anomaly detection, log analysis, and control validation where appropriate.
Stay informed on emerging AI governance frameworks, including ISO/IEC 42001, the EU AI Act, and the NIST AI RMF.
Contribute to responsible AI practices, AI-assisted development controls, and internal governance guidance for secure and compliant use of AI tools.

What You Will Bring

Required Experience and Qualifications
ISO/IEC 27001:2022 Lead Implementer or Lead Auditor certification is mandatory.
Formal ISO/IEC 27701 training, implementation knowledge, or equivalent privacy management experience.
2-3+ years of hands-on experience supporting ISO 27001 and SOC 2 compliance programmes, including SOC 2 Type II audit support and auditor coordination.
Strong technical understanding of cloud platforms such as AWS, Azure, or GCP; networking; IAM; endpoint and server security; and modern DevOps practices.
Practical exposure to CI/CD pipelines, version control, containerisation, vulnerability management, logging, monitoring, and secure configuration practices.
Experience working directly with engineering, DevOps, infrastructure, and IT operations teams to implement and operationalise security and compliance controls.
Ability to convert compliance requirements into practical technical actions, and explain technical implementation clearly to auditors and leadership.
Working knowledge of GDPR, PDPA, and CCPA, including how privacy requirements map to ISO/IEC 27701 controls.
Strong documentation, stakeholder management, follow-up, and prioritisation skills across multiple compliance workstreams.

Preferred Experience
ISO/IEC 27701 Lead Implementer, privacy certification, or equivalent practical PIMS implementation experience.
SOC 2 readiness and audit experience across multiple Trust Services Criteria.
Hands-on experience with GRC platforms and evidence management tools.
Experience building compliance dashboards, control monitoring reports, or automation scripts using AI-assisted development tools.
Familiarity with AI governance frameworks such as ISO/IEC 42001, NIST AI RMF, and responsible AI control practices.
Why Join EvonSys?
Be part of a team that treats compliance as a strategic business enabler, not a documentation exercise.
Work across ISO 27001, SOC 2, ISO 27701, privacy, AI governance, and technical security controls in one integrated programme.
Collaborate closely with engineering and infrastructure teams to make controls practical, automated, and sustainable.
Contribute to a modern compliance function that embraces AI, automation, continuous monitoring, and smarter evidence management.
Grow your career through exposure to global compliance standards, audit programmes, certifications, and professional development opportunities.
EvonSys offers a competitive remuneration package, comprehensive benefits, and a professional environment where strong ownership, practical thinking, and continuous improvement are recognised.