Senior Compliance Analyst
How to Apply:
Please submit your application to [email protected]
Job Title: Senior Compliance Analyst
Location: Bangalore, India
Department: Corporate Global Information System
Position Summary:
The Senior Compliance Analyst is a senior individual contributor within the PennEngineering IS Risk & Compliance team who supports the Compliance Program Owner by owning defined compliance sub-components, executing audits and assessments, and driving day-to-day compliance operations.
This role partners closely with the Sr. IT Risk & Security Engineer to ensure regulatory, audit, and governance requirements are met across the enterprise. While the Senior Compliance Analyst independently leads assigned compliance activities, overall program strategy, final risk decisions, and external accountability remain with the Program Owner.
The Senior Compliance Analyst reports to the Senior Manager, IT Risk, Security & Compliance.
Key Responsibilities
Compliance Execution & Control Ownership
- Own the execution and ongoing monitoring of assigned compliance controls and domains (e.g., access governance, data access reviews, system compliance checks, operational controls).
- Perform independent reviews to validate that controls are operating as designed and documented.
- Maintain compliance tracking, metrics, and remediation status using Jira or other internal governance tools.
- Escalate control gaps, risks, and systemic issues to the Compliance Program Owner with clear analysis and recommendations.
Audit Support & Sub-Audit Ownership
- Lead assigned portions of internal and external audits, including:
  - Evidence collection and validation
  - Control walkthrough preparation
  - Interview preparation, execution, and coordination with system and process owners
- Draft audit responses and remediation plans for assigned findings.
- Track remediation progress through closure and report status to the Compliance Program Owner.
- Support the Program Owner during audit planning, auditor interactions, and final reporting.
Policy & Documentation Maintenance
- Maintain and update assigned policies, standards, and procedures under the direction of the Compliance Program Owner.
- Perform policy gap assessments related to assigned systems or regulatory areas.
- Draft policy revisions and supporting documentation for review and approval.
- Support policy publication, attestation, and training coordination through platforms such as KnowBe4.
Vendor & Third-Party Risk Management
- Support and/or execute assigned vendor assessment activities and communications.
- Validate and review submitted vendor documentation (e.g., SOC reports, questionnaires).
- Assess and document identified risks and provide clear summaries and recommendations to the Compliance Program Owner.
- Track vendor responses, remediation actions, and other follow-up activities.
Training, Awareness & Operational Support
- Support security training initiatives by tracking completion, identifying non-compliance trends, and assisting with reporting and follow-up communications.
- Ensure all newly onboarded users receive and complete the mandatory new user Security Awareness Training through KnowBe4.
- Research and support responses to internal compliance- and security-related inquiries and requests.
- Where appropriate, participate in change management, security review, and compliance meetings as a subject-matter contributor.
Continuous Improvement & Team Collaboration
- Identify opportunities to improve compliance workflows, tooling usage, documentation quality, and reporting efficiency.
- Assist with implementation and optimization of compliance tooling and processes.
- Collaborate with and support other compliance staff as needed.
- Stay current on regulatory and compliance developments relevant to assigned responsibilities.
Requirements:
- Bachelor’s degree in Information Systems, Cybersecurity, Risk Management, or related field (or equivalent experience).
- 5+ years of experience in IT compliance, audit, and risk management.
- Experience with ISO 27001, SOC 2, or similar frameworks.
- Experience supporting external audits, conducting internal audits, and maintaining compliance controls.
- Strong documentation, analytical, and stakeholder communication skills.
- Demonstrated professional fluency in English (written and spoken), required for collaboration with global stakeholders and preparation of technical and compliance documentation.
Preferred Qualifications:
- Experience with TISAX, GDPR, and other frameworks.
- Strong familiarity with Jira, GRC platforms (e.g., Archer, Drata, Vanta), compliance training tools such as KnowBe4, and Varonis.
- Experience with Third Party Risk Management (TPRM)
- Relevant professional certifications such as CISA, CRISC, or CISSP.
- Experience with Active Directory (LDAP), Microsoft 365, Entra ID, and Purview.
