Job Summary
Domain & Role: Onboarding Compliance Officer (OCO) – Manager / Senior Manager
Band & Sub Band: E3.1 / E3.2
Role Summary
Strategic compliance position responsible for executing Risk & Compliance onboarding processes through robust risk management and control assurance. This role drives end-to-end governance of onboarding assessments, ensuring that contractual, regulatory, and security obligations are embedded in service delivery. By leveraging deep expertise in IT control frameworks and global standards (ISO 27001, SOC, SOX, PCI DSS, HIPAA, NIST, etc.), the position ensures audit readiness and risk transparency across applications, infrastructure, and cloud environments.
Key Responsibilities
- Risk & Compliance Assessments:
  - Translate regulatory and business requirements into actionable security objectives and strategic initiatives.
  - Execute risk assessments and integrate remediation efforts into risk management processes.
  - Perform technical security assessments across infrastructure and cloud environments during the onboarding phase.
- Audit & Governance Expertise:
  - Hands-on experience with global compliance programs (ISO 27001, ITGC, PCI DSS, SOC 1/2, NIST, etc.).
  - Prepare and manage assessment reports, ensuring adherence to contractual security controls and company policies.
- Information Security & Privacy:
  - Deep understanding of security controls across application, infrastructure, and cloud environments.
  - Support Privacy and Business Continuity programs, ensuring compliance with legal and regulatory mandates.
- Stakeholder Engagement:
  - Communicate risk effectively to non-IT business owners and senior leadership.
  - Partner with delivery teams to enhance compliance awareness and manage risk to acceptable levels.
- Leadership & Collaboration:
  - Lead cross-functional teams in virtual environments using modern collaboration tools.
  - Provide guidance on risk mitigation strategies and security enhancements.
Core Competencies
- Information Risk Management & IT Audit
- ISO 27001 Implementation & Governance
- Technical Security Assessments & Control Validation
- Business Continuity & Privacy Compliance
- Vendor Risk Management & Regulatory Compliance
- Strong analytical, communication, and interpersonal skills
Skill Requirements
Certifications
At least one of: CISA, CISSP, CRISC, ISO 27001, ISO 31000 (or an equivalent security certification)
Experience & Education
- Experience: 8–10 years in IT Audit / Information Security Risk Management
- Education: BE / B.Tech / BCA / BSc (Computer Science) or equivalent with IT specialization
Other Requirements
CV Screening Questions
- 8–10 years of proven experience in Information Risk Management, Information Security, or IT Audit, with a strong focus on compliance frameworks such as ISO 27001, SOC, SOX, PCI DSS, HIPAA, and NIST
- Contribution to engagement transitions from client to service organization environments, ensuring security and compliance requirements are embedded during onboarding
- Experience performing technical security assessments across infrastructure and cloud environments
- Familiarity with interpreting Master Service Agreements (MSAs) to identify information security obligations and contractual control requirements
- Experience translating business, industry, and regulatory requirements into actionable information security objectives and strategic/tactical initiatives
- Experience monitoring compliance with contractual security requirements, company policies, and procedures to maintain audit readiness for accounts
- Experience partnering with service delivery leadership to communicate risk posture and manage risk to acceptable levels across engagements
- Ability to work effectively in virtual teams using collaboration tools and technologies
- Strong technical awareness, with a commitment to continuously updating your knowledge of emerging information security and IT developments