GRC Analyst L3

Location: Bhubaneswar, Odisha
Department: Information security

Role summary

The IT Infrastructure Compliance L3 will be responsible for ensuring
that internal IT infrastructure and customer environments comply with
applicable security, regulatory, and industry standards. This includes
conducting internal audits, gap analyses, and documentation for both internal
company policies and external customer requirements. The role will bridge
technical implementation and formal compliance, ensuring that evidence and
controls are consistently maintained and verifiable.

Key responsibilities

·       Plan, execute, and document
internal IT infrastructure audits covering network, servers, cloud platforms,
identity management, endpoint security, and access controls.

·       Perform gap analyses against
frameworks such as PCI‑DSS, ISO 27001,
GDPR, DPDP or other customer‑specific
standards, identifying non‑compliance and
recommending remediation.

·       Maintain and update policy,
process, and control documentation for internal IT and security policies,
including SOC documentation, SOPs, and procedure manuals.

·       Coordinate with IT
administrators, security teams, and customer contacts to collect evidence,
validate control implementation, and prepare for external audits or customer
reviews.

·       Assist in preparing compliance
reports, dashboards, and artefacts (e.g., network diagrams, control matrices,
evidence packs) for internal stakeholders and customers.

·       Track and manage compliance
timelines, findings, and remediation for internal audits, customer assessments,
and regulatory reviews.

·       Support the implementation of
security controls around AD, Azure, MDM, DLP, EPP, and other relevant
technologies based on audit and compliance requirements.

·       Stay updated on emerging
regulations, standards, and best practices relevant to cloud, SaaS, and managed‑services environments.

Required skills and
qualifications

·       Bachelor’s degree in IT,
Computer Science, Cybersecurity, or related field.

·       4–6 years of experience in IT
infrastructure, security, or compliance, preferably in a services or MSP
environment.

·       Strong understanding of:

ü  IT compliance frameworks (e.g.,
PCI‑DSS, ISO 27001, SOC2, GDPR, DPDPA or
similar)

ü  Internal audit and gap‑analysis methodologies

ü  IT infrastructure components
(networking, servers, cloud, AD, identity, endpoint security)

·       Experience in documentation,
evidence collection, and preparing audit reports.

·       Ability to translate technical
configurations into compliance language and evidence.

·       Excellent written and verbal
communication skills to deal with internal teams, auditors, and customers.

Preferred qualifications

·       Certifications such as CISA,
CISSP, ISO 27001 Lead Auditor, PCI QSA, or similar.

·       Prior experience participating
in external audits or customer compliance reviews.

·       Familiarity with ticketing,
GRC, or audit‑management tools.