Specialist, Information Security & Privacy
On-site · Pune, Maharashtra, India or Bengaluru, Karnataka, India
Job Summary
The Specialist in Information Security & Privacy will own and manage controls across SOC 2 Type II, ISO 27001, GDPR, and HIPAA frameworks, ensuring audit readiness and compliance through documentation and evidence management. Key responsibilities include coordinating external audits, conducting internal compliance reviews, and participating in Vulnerability Assessment and Penetration Testing (VAPT). The role requires collaboration with various teams to implement and document security controls, manage corrective actions, and develop automated workflows for compliance tracking using Python. Knowledge of cloud security, vulnerability management, and GRC frameworks is essential, alongside programming skills in Python. Candidates should possess strong communication skills, a methodical approach, and the ability to manage multiple workstreams.
Required Qualifications
- 2–3 years of hands-on experience in information security, GRC (Governance, Risk and Compliance), or a security-adjacent technical role.
- Demonstrated experience working with at least one major compliance framework (SOC 2, ISO 27001, GDPR, or HIPAA) — including evidence collection, control testing, or audit support.
- 1+ year of programming experience, with practical Python skills for scripting, automation, or data processing tasks.
- Exposure to cloud platforms, with working knowledge of AWS services (IAM, S3, CloudTrail, Security Hub, or equivalent) and basic familiarity with GCP.
- Understanding of common vulnerability classes, OWASP Top 10, and secure development principles sufficient to contextualise findings and communicate them to engineering teams.
- Familiarity with VAPT processes — including scoping, findings review, and remediation validation.
- Basic understanding of network security concepts: TLS/SSL, DNS, firewalls, VPNs, and cloud-native security controls.
- Working knowledge of authentication and identity concepts: SSO, OAuth 2.0, SAML, IAM, RBAC, and MFA.
- Ability to read and interpret security findings from external platforms such as SecurityScorecard, Qualys, or similar security rating and scanning tools.
- Proficient in Google Workspace — comfortable using Sheets for control tracking and mapping, Drive and Docs for policy and evidence management, Gmail for formal communications and sign-offs, and Calendar for compliance scheduling.
- Experience using Jira for cross-functional issue tracking and Slack for team collaboration.
- Comfortable writing Python scripts for automation, data extraction, API integrations, or report generation.
- Exposure to or genuine curiosity about AI tooling, LLMs, and agent-based workflows.
Desired Qualifications
- Certifications: CISA, CISSP, CEH, CompTIA Security+, or any recognised AI / machine learning certification.
- Experience building or interacting with AI agents, LLM-based pipelines, or automation using frameworks such as LangChain or LangGraph.
- Hands-on experience with AI-assisted development tools such as Cursor or Claude Code.
- Familiarity with third-party risk and security rating platforms (SecurityScorecard, Panorays, UpGuard, Whistic, ProcessUnity).
- Prior experience with GCP services for development or workflow automation.
- Understanding of data privacy principles under GDPR and HIPAA, including data classification, retention policies, and subject rights processes.
- Exposure to SAST/DAST tooling, container security, or cloud security posture management (CSPM).
Additional Requirements
- All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.