GRC & Cyber Security Specialist - Cloud & Audit
About the Role
We are looking for a technically proficient and audit-savvy Compliance Specialist to strengthen our PCI and SOC programs. This role will address key gaps in technical control implementation, cloud environment understanding, audit automation, and end-to-end SOC program execution. You will bring strong execution skills, audit experience, and the ability to work cross-functionally with engineering, DevOps, and risk teams to build a scalable, automation-first compliance program.

Skills & Experience
Must-Have:
- Minimum 4-7 years of experience in GRC, cloud security, or compliance roles (preferably in SaaS)
- Hands-on knowledge of PCI DSS and/or ISO 27001, SOC 1, and SOC 2 compliance frameworks, including implementation experience
- Strong working knowledge of AWS services and their security configuration
- Experience working with auditors and managing evidence for certification processes
- Ability to analyze control gaps and recommend technical or process-based remediations
- Strong documentation and project management skills

Good to Have:
- Familiarity with compliance automation tools (Drata, Vanta, Wiz, etc.)
- Prior experience automating compliance tasks using AWS-native services or scripts
- Certifications: CISSP, CISA, ISO 27001, PCI ISA, CCSK, or AWS Security Specialty

Key Responsibilities
1. Technical Compliance Implementation
- Develop a strong control framework based on ISO 27001, PCI, SOC 1, and SOC 2 standards, and implement it across the organization. This includes setting up processes to continuously monitor, assess, and improve technical and process controls.
- Review, collaborate to build, and audit technical controls across AWS environments (IAM, CloudTrail, Config, S3, RDS, etc.)
- Translate compliance requirements (ISO 27001, PCI DSS, SOC 1, SOC 2) into actionable engineering controls
- Support secure configuration, logging, encryption, and access management reviews in collaboration with CloudOps
- Build a process to track, investigate, and manage compliance issues, driving timely remediation and documentation.

2. PCI Program Execution
- Own day-to-day control monitoring activities across PCI DSS (evidence gathering, control testing, remediation tracking)
- Support annual assessments with QSAs and coordinate stakeholders
- Drive automation for audit evidence using tools like AWS Config, Security Hub, or platforms like Drata, Vanta, and others

3. ISO 27001, SOC 1 & SOC 2 Program Management
- Work closely with various departments (e.g., Engineering, Security, Cloud) to ensure audit controls are well communicated, clearly understood, and effectively implemented across relevant systems and processes.
- Act as the project coordinator for ISO and SOC audits, working with internal control owners and external auditors
- Maintain updated audit artifacts and documentation across audit periods
- Track remediation items and support testing of effectiveness

4. Audit Automation & Optimization
- Build compliance evidence pipelines and automate control testing/reporting where possible
- Integrate compliance monitoring into CI/CD pipelines and cloud asset inventory
- Support adoption and optimization of compliance platforms (e.g., Drata, Vanta, Wiz, or Prisma Cloud)

5. Documentation & Policy Management
- Maintain and enhance policies, SOPs, control descriptions, and test plans
- Collaborate with the compliance manager to operationalize new frameworks and updates
Information:
- Company: Chargebee
- Position: GRC & Cyber Security Specialist - Cloud & Audit
- Location: Bangalore, Karnātaka
- Country: IN
Attention: In the recruitment process, legitimate companies never charge fees to candidates. If a company asks for interview fees, test fees, ticket reservations, etc., it is better to avoid it, as these are indications of fraud. If you see something suspicious, please contact us: support@jobkos.com
Post Date: 2025-07-17 | Expired Date: 2025-08-16