Security Analyst

Position Summary

We are seeking a Security Analyst, Security & Compliance to support our global information security, compliance, and accessibility programs.

Reporting to the Senior Manager, Security & Compliance, you will help maintain an audit-ready control environment through hands-on security operations support, compliance and audit preparation, documentation management, customer security questionnaire assistance, and accessibility compliance tracking.

This role is well suited for someone early in their security career who wants broad exposure to GRC, security operations, SaaS compliance (PCI DSS, SOC 2, ISO 27001), and accessibility standards in a global, multi-tenant environment.

As the first Security Analyst on the team, you will help establish operational processes for a growing Security & Compliance function.

This position is based in India and supports stakeholders across North America, Europe, and other regions.

What Success Looks Like (First 12 Months)

• Provide reliable day-to-day support for security monitoring, vulnerability tracking, and remediation follow-up.
• Maintain organized, complete, and audit-ready compliance evidence for PCI DSS, SOC 2, and ISO 27001 activities.
• Support accessibility compliance tracking, VPAT maintenance, and remediation status reporting.
• Improve security awareness training participation and phishing simulation completion metrics.
• Help establish efficient processes for customer security questionnaires and vendor security reviews.
• Become a trusted operational partner to the Senior Manager and cross-functional teams.

Key Responsibilities

Security Operations Support

• Monitor security alerts and notifications from security platforms; triage and escalate potential issues per defined procedures.
• Assist with investigating security events and support incident response and post-incident analysis activities.
• Support vulnerability management, including tracking findings, owners, and remediation status through closure.
• Participate in periodic access reviews and identity management activities with Engineering, DevOps, and IT.
• Assist with security control reviews, internal assessments, and tabletop exercises as directed.
• Support coordination of penetration tests and track remediation of identified findings.

Compliance & Audit Support

• Assist with maintaining compliance programs, including PCI DSS, SOC 2, and ISO 27001.
• Collect, organize, label, and maintain audit evidence and control documentation.
• Support internal and external audit activities, including preparing materials for auditor requests.
• Track audit and assessment findings, remediation tasks, and due dates; provide status updates to the Senior Manager.
• Help maintain compliance calendars, control matrices, and related records.
• Support privacy and data protection activities (e.g., GDPR evidence collection) in coordination with the Senior Manager and Legal, as applicable.

Documentation & Risk Support

• Assist in maintaining security policies, standards, procedures, and operational runbooks under direction of the Senior Manager.
• Support risk assessments and help maintain the corporate risk register.
• Track policy review schedules, required updates, and version control.
• Ensure documentation repositories remain current, accurate, and audit-ready.
• Maintain inventories of security controls, tools, and compliance artifacts as needed.

Accessibility Compliance Support

• Support accessibility compliance initiatives led by the Senior Manager in partnership with Product, Engineering, UX/UI, and QA.
• Assist with accessibility assessments, testing coordination, and remediation tracking.
• Help maintain accessibility documentation, VPATs, and supporting evidence.
• Support compliance activities related to WCAG 2.1/2.2, ADA, Section 508, and regional requirements as applicable.

Security Awareness & Training

• Coordinate employee security awareness training logistics and completion tracking.
• Assist with phishing simulations and security awareness campaigns.
• Help develop and distribute security awareness communications.
• Support accessibility awareness initiatives across the organization, as assigned.

Customer, Vendor & External Support

• Assist in completing customer security questionnaires, RFPs, and assessments using approved templates and evidence.
• Gather and organize supporting documentation for customer and vendor security reviews.
• Support vendor risk assessment workflows, including documentation collection and status tracking.
• Maintain repositories of security and compliance content frequently requested by customers and internal teams.

Program Administration & Reporting

• Prepare recurring operational reports and metrics for the Senior Manager (e.g., open findings, training completion, audit readiness).
• Support scheduling and logistics for audits, assessments, and cross-functional security meetings.
• Help manage ticketing or task tracking for security and compliance work items.

Required Qualifications

• Bachelor's degree in Information Security, Information Technology, Computer Science, Cybersecurity, or a related field—or equivalent practical experience.
• 1–3 years of experience in information security, IT operations, compliance, risk management, or a related field.
• Foundational understanding of information security principles, risk management concepts, and common compliance controls.
• Basic familiarity with security monitoring, incident response workflows, and vulnerability management.
• Basic familiarity with cloud computing concepts; exposure to AWS and/or Azure is a plus.
• Strong organizational, documentation, and attention-to-detail skills.
• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills.
• Ability to manage multiple tasks and priorities in a fast-paced environment.
• Ability to work effectively across global time zones, with regular overlap to US and/or EU business hours.

Preferred Qualifications

• CompTIA Security+, SSCP, or similar entry-level security certification.
• Exposure to PCI DSS, SOC 2, or ISO 27001 in an audit support or control operations capacity.
• Familiarity with WCAG accessibility standards and VPAT documentation.
• Hands-on experience with vulnerability management tools, SIEM or security monitoring platforms, or IAM systems.
• Experience working in a SaaS, cloud-hosted, or multi-tenant environment.
• Experience supporting compliance audits, security assessments, or customer security questionnaires.
• Experience in events, hospitality, or B2B SaaS industries.

Working Conditions

• Based in India; supports global operations and customer engagements.
• Regular collaboration hours overlapping US and/or European stakeholders.
• Travel: occasional, as needed for audits, customer meetings, or company events (estimated minimal).

About Aumni Techworks:

Aumni Techworks, established in 2016, is a Software Services Company that partners with Product companies to build and manage their dedicated teams in India. So, while you are working for a services company, you are working within a product team and growing with them. We do not take projects, and we have long term (open ended) contracts with our clients. When our clients sign up with us, they are looking at a multi-year relationship. For e.g. Some of the clients we signed up 8 or 6 years, are still with us. We do not move people across client teams and there is no concept of bench. At Aumni, we believe in quality work, and we truly believe that Indian talent is at par with someone in NY, London or Germany. 300+ and growing.

Benefits of working at Aumni Techworks:

• Our award-winning culture reminds us of our engineering days.

• Medical insurance (including Parents), Life and Disability insurance

• 24 leaves + 10 public holidays + leaves for Hospitalization, maternity, paternity and bereavement.

• On site Gym, TT, Carrom, Foosball and Pool table

• Hybrid work culture

• Fitness group / rewards