Risk & Compliance Analyst

Mimecast · India
Full-time · On-site · Today
AWS · Cloud Security · Compliance · Documentation · Information Security · Penetration Testing

About the role

This role is based in our Bangalore office and reports to the Senior Manager, Framework Compliance within the Governance Compliance Office (GCO). We are seeking an experienced, self-driven IT Certification & Audit Specialist to plan, coordinate, and run multiple external audits across complex environments and challenging timelines. The ideal candidate is someone who can "pick up and run" with limited supervision, manage competing priorities, and engage confidently with stakeholders across the organization and externally. You will work independently on moderately complex projects, set objectives for your own area of responsibility to meet project goals, and communicate with contacts inside and outside your team to explain and interpret operational processes, practices, and procedures. You will exercise sound judgment within defined procedures and practices, with your results having a direct impact on the team and contributing to wider departmental outcomes.

Responsibilities

  • Support and help run multiple concurrent external audits (SOC 2, ISO 27001, and other ISO frameworks) within demanding timeframes.
  • Coordinate evidence collection, control walkthroughs, and remediation tracking across diverse teams and complex technical environments.
  • Serve as a point of contact for external auditors, managing expectations and ensuring smooth, timely audit delivery.
  • Assess and interpret technical controls covering access management, change management, vulnerability management, and penetration testing results.
  • Evaluate cloud security and compliance posture within AWS environments.
  • Identify control gaps, support remediation efforts, and provide pragmatic recommendations to stakeholders.
  • Communicate audit status, risks, and findings clearly to stakeholders at varying levels of seniority.
  • Recommend and contribute to enhancements in audit processes, documentation, and readiness as the compliance program scales.
  • Support the delivery of GCO objectives.
  • Engage in continuous professional development, including retention of professional certifications and attending industry learning events regarding regulatory developments.

Required Qualifications

  • 5-7 years of experience in IT compliance, audit, or information security roles.
  • Active CISA certification.
  • Strong working knowledge of ISO 27001 (implementation and/or audit experience), including familiarity with related ISO standards.
  • Hands-on experience supporting or running SOC 2 and ISO 27001 audits.
  • Technical understanding of AWS services and cloud security controls.
  • Working knowledge of penetration testing concepts, vulnerability management, change management, and access controls.
  • Demonstrated ability to work independently and deliver under pressure.
  • Excellent verbal and written communication skills, with proven ability to engage diverse stakeholders.
  • Functional knowledge gained through experience; university degree or equivalent desirable, with relevant certifications and developing professional networks.

Requirements

  • Additional certifications (e.g., ISO 27001 Lead Auditor/Implementer, CISSP, CCSP, AWS certifications).
  • Experience in a fast-paced, multi-framework compliance environment.
  • Exposure to other ISO standards (e.g., ISO 27017, ISO 27018, ISO 22301).
  • Familiarity with the Drata compliance automation tool would be beneficial.
  • Experience working in a global team.
  • A proactive, growth-minded professional who thrives in complexity, brings structure to ambiguity, and can independently drive audits to successful completion while building strong relationships with auditors and stakeholders across the organization.

What We Bring

Join us to accelerate your career while working with cutting-edge technologies and leading impactful initiatives for our customers. You will be immersed in a dynamic environment that recognises and celebrates your achievements.

Mimecast offers formal and on-the-job learning opportunities, maintains a comprehensive benefits package that helps our employees and their family members sustain a healthy lifestyle, and, importantly, lets you work in cross-functional teams to build your knowledge.

We believe in growth that's good, we have a culture that cares and we are on a mission that matters.

Belonging at Mimecast

Cybersecurity is a community effort. Th

Benefits

  • Health insurance
  • Vision insurance

Additional Information

About Mimecast

Mimecast is a global cybersecurity and data governance leader redefining how organizations secure human and AI risk. Since 2003, Mimecast has stopped bad things from happening to good organizations by enabling them to work protected. Our AI-powered, API-enabled connected human risk platform is purpose-built to protect organizations from the evolving threat landscape across email, collaboration tools, and emerging AI-driven attack surfaces. As we continue to scale globally, our compliance and audit function plays a vital role in maintaining the trust our customers place in us - and this role is central to that mission.

