Compliance Analyst
How to Apply:
Please submit your application to [email protected]
Job Title: Compliance Analyst
Location: Bangalore, India
Department: Corporate Global Information System
Position Summary:
The Compliance Analyst is a senior individual contributor within the PennEngineering IS Risk & Compliance team who supports the Compliance Program Owner by owning defined compliance sub-components, executing audits and assessments, and driving day-to-day compliance operations.
This role supports the Sr. IT Risk & Security Engineer and Sr. Compliance Analyst to ensure regulatory, audit, and governance requirements are met across the enterprise.
The Compliance Analyst reports to the Senior Manager, IT Risk, Security & Compliance.
Key Responsibilities
Compliance Execution
- Support the execution and ongoing monitoring of assigned compliance controls and domains (e.g., access governance, data access reviews, system compliance checks, operational controls).
- Perform assigned reviews to validate that controls are operating as designed and documented.
- Support compliance reporting, tracking, metrics, and remediation status using Jira or other internal governance tools.
- Identify and report control gaps, risks, and systemic issues to the Compliance Program Owner with clear analysis and recommendations.
Varonis Platform
- Serve as the operational owner of the Varonis platform.
- Enhance and validate the use of Varonis to:
  - Monitor and review user access rights to sensitive data
  - Identify excessive, inappropriate, or anomalous access
  - Support periodic access reviews and audit evidence collection
  - Apply data classification labeling to relevant data
- Partner with Security Engineering to:
  - Improve Varonis alerting, reporting, and coverage to better support compliance objectives
  - Identify opportunities to automate or streamline compliance evidence using Varonis data
- Translate Varonis findings into:
  - Actionable remediation tasks
  - Audit-ready evidence
  - Clear risk summaries for the Compliance Program Owner
- Continuously evaluate how Varonis is being used and recommend enhancements to improve compliance visibility, control assurance, and audit readiness.
Audit Support & Sub-Audit Ownership
- Support internal and external audits, including:
  - Evidence collection and validation (including Varonis-based evidence)
  - Control walkthrough preparation
  - Interview preparation, documentation, and coordination with system and process owners
- Assist with audit responses and remediation plans for assigned findings.
- Help track remediation progress through closure and report status to the Compliance Program Owner.
- Support the Program Owner during audit planning, auditor interactions, and final reporting.
Policy & Documentation Maintenance
- Assist with maintenance and policy updates under the direction of the Compliance Program Owner.
- Support policy gap assessments related to assigned systems or regulatory areas.
- Support policy revisions and documentation review and approval.
- Manage policy publication, attestation, and training coordination through platforms such as KnowBe4.
Vendor & Third-Party Risk Management
- Support the assigned (sub)section of vendor security and compliance assessments.
- Collect vendor documentation (e.g., SOC reports, questionnaires).
- Assist with vendor outreach and feedback for assigned reviews.
Training, Awareness & Operational Support
- Support security training initiatives by assisting with tracking completion, identifying non-compliance trends, and assisting with reporting and follow-up communications.
- Maintain and review KnowBe4 users, groups, and assigned training curriculum and campaign roll-outs.
Continuous Improvement & Team Collaboration
- Identify opportunities to improve compliance workflows, tooling usage, documentation quality, and reporting efficiency.
- Assist with implementation and optimization of compliance tooling and processes.
- Collaborate with and support compliance staff as needed.
Requirements:
- Bachelor’s degree in Information Systems, Cybersecurity, Risk Management, or related field (or equivalent experience).
- 3–5 years of experience in IT compliance, audit and risk management.
- Hands-on experience and skills in using Varonis for access governance, monitoring, or audit support.
- Experience supporting audits and maintaining compliance controls.
- Strong documentation, analytical, and stakeholder communication skills.
- Demonstrated professional fluency in English (written and spoken) required for collaboration with global stakeholders and preparation of technical and compliance documentation.
Preferred Qualifications:
- Experience with ISO 27001, TISAX, SOC, or similar frameworks.
- Strong familiarity with Jira, GRC platforms (e.g., Archer, Drata, Vanta), and compliance training tools (KnowBe4).
- Experience with Active Directory (LDAP), M365 Entra and Purview.
