Posted 17 June, 2026

Information Security Analyst

EvonSys
Chennai, TN, IN Full Time
Reference: 73e87e165b3c83f0

Job Description

Designation: Information Security Compliance Analyst
Experience: 2 - 5 years
Location: Hyderabad / Chennai - India (Hybrid)
Employment Type: Full-Time, Permanent
Work Mode: Hybrid
Reports To: Head of IT

About the Role
EvonSys is looking for a practical, technically aware Information Security Compliance Analyst to help strengthen and sustain our compliance programmes across ISO/IEC 27001:2022, SOC 2 Type II, and ISO/IEC 27701 Privacy Information Management System (PIMS).
This role sits at the intersection of compliance, engineering, DevOps, infrastructure, and IT operations. The successful candidate will translate control requirements into clear technical actions, work closely with engineers to implement those controls, and ensure the evidence we maintain is audit-ready, meaningful, and aligned with day-to-day operations.
This is not a tick-box compliance position. We are looking for someone who understands how security controls work in real environments and can make compliance practical, sustainable, and useful for the business.
Experience with AI-assisted development, AI-enabled security tooling, compliance automation, or AI governance will be a strong advantage.

Key Responsibilities
Bridge Compliance and Engineering
Act as the main point of coordination between Compliance and technical teams, including engineering, DevOps, infrastructure, cloud, and IT operations.
Translate ISO 27001, SOC 2, and ISO 27701 control requirements into practical technical specifications and implementation guidance.
Work with technical teams to design, implement, and validate controls across IAM, encryption, logging and monitoring, vulnerability management, network segmentation, and secure SDLC / CI/CD practices.
Embed compliance-by-design into architecture reviews, change management, new system onboarding, and cloud service evaluations.
Review technical evidence such as configuration exports, pipeline outputs, vulnerability scan results, log samples, access reviews, and monitoring records.
Support compliance automation through policy-as-code, CI/CD control gates, configuration baselines, evidence workflows, and continuous control monitoring.

ISO/IEC 27001:2022 - Information Security Management
Support the implementation, operation, and continuous improvement of the Information Security Management System (ISMS).
Coordinate risk assessments, Statement of Applicability (SoA) reviews, Annex A control mapping, and risk treatment plans.
Prepare and maintain ISMS documentation, registers, procedures, evidence packs, and audit records.
Support internal audits, certification audits, surveillance audits, and follow-up actions with certification bodies.
Track nonconformities, observations, corrective actions, and improvement items through to timely closure.

SOC 2 Type II - Trust Services Criteria
Support the SOC 2 Type II audit lifecycle, from readiness assessment through evidence collection, auditor liaison, and report issuance.
Map applicable Trust Services Criteria to internal controls and maintain clear evidence of design and operating effectiveness.
Coordinate with technical control owners to ensure controls operate consistently throughout the audit period.
Maintain a year-round compliance posture through continuous control monitoring and structured evidence management.

ISO/IEC 27701 / PIMS - Privacy Information Management
Support the implementation and maintenance of the Privacy Information Management System as an extension of the ISMS.
Align privacy controls with GDPR, PDPA, CCPA, and other relevant multi-jurisdictional privacy requirements.
Maintain privacy records such as RoPA, DPIAs, cross-border transfer documentation, and privacy control evidence.
Work with Legal, Compliance, business, and technical teams to embed privacy-by-design into systems and processes.

AI-Assisted Compliance, Automation, and AIMS
Use AI-assisted tools such as GitHub Copilot, Cursor, Claude, ChatGPT, or similar platforms to support compliance automation, dashboards, and evidence workflows.
Apply AI-enabled security or compliance tooling for monitoring, anomaly detection, log analysis, and control validation where appropriate.
Stay informed on emerging AI governance frameworks, including ISO/IEC 42001, the EU AI Act, and the NIST AI RMF.
Contribute to responsible AI practices, AI-assisted development controls, and internal governance guidance for secure and compliant use of AI tools.

What You Will Bring
Required Experience and Qualifications
ISO/IEC 27001:2022 Lead Implementer or Lead Auditor certification is mandatory.
Formal ISO/IEC 27701 training, implementation knowledge, or equivalent privacy management experience.
2-3+ years of hands-on experience supporting ISO 27001 and SOC 2 compliance programmes, including SOC 2 Type II audit support and auditor coordination.
Strong technical understanding of cloud platforms such as AWS, Azure, or GCP; networking; IAM; endpoint and server security; and modern DevOps practices.
Practical exposure to CI/CD pipelines, version control, containerisation, vulnerability management, logging, monitoring, and secure configuration practices.
Experience working directly with engineering, DevOps, infrastructure, and IT operations teams to implement and operationalise security and compliance controls.
Ability to convert compliance requirements into practical technical actions, and explain technical implementation clearly to auditors and leadership.
Working knowledge of GDPR, PDPA, and CCPA, including how privacy requirements map to ISO/IEC 27701 controls.
Strong documentation, stakeholder management, follow-up, and prioritisation skills across multiple compliance workstreams.

Preferred Experience
ISO/IEC 27701 Lead Implementer, privacy certification, or equivalent practical PIMS implementation experience.
SOC 2 readiness and audit experience across multiple Trust Services Criteria.
Hands-on experience with GRC platforms and evidence management tools.
Experience building compliance dashboards, control monitoring reports, or automation scripts using AI-assisted development tools.
Familiarity with AI governance frameworks such as ISO/IEC 42001, NIST AI RMF, and responsible AI control practices.

Why Join EvonSys?
Be part of a team that treats compliance as a strategic business enabler, not a documentation exercise.
Work across ISO 27001, SOC 2, ISO 27701, privacy, AI governance, and technical security controls in one integrated programme.
Collaborate closely with engineering and infrastructure teams to make controls practical, automated, and sustainable.
Contribute to a modern compliance function that embraces AI, automation, continuous monitoring, and smarter evidence management.
Grow your career through exposure to global compliance standards, audit programmes, certifications, and professional development opportunities.

EvonSys offers a competitive remuneration package, comprehensive benefits, and a professional environment where strong ownership, practical thinking, and continuous improvement are recognised.
