The Data Analyst – Compliance, Audit & GRC Analytics is responsible for analyzing large and diverse compliance datasets generated from IT audits, risk assessments, standards certifications, and privacy programs to identify trends, gaps, risks, and opportunities for continuous improvement.

The role focuses on applying advanced data analytics and GenAI-driven techniques to audit findings, control data, remediation metrics, and regulatory compliance evidence across multiple frameworks such as ISO, SOC, PCI DSS, and global privacy regulations. The analyst transforms structured and unstructured compliance data into actionable insights, predictively identifies potential control weaknesses, and supports data-driven decision-making across the IT Governance, Risk, Compliance, and Privacy landscape.

This position plays a critical role in strengthening audit readiness, improving control effectiveness, and proactively identifying improvement areas by leveraging analytics, automation, and GenAI tools under defined governance and guardrails.

Compliance & Audit Data Analytics

• Analyze datasets generated from internal and external audits, risk assessments, and compliance programs across frameworks such as ISO 27001, ISO 27701, ISO 22301, ISO 20000‑1, ISO 9001, SOC 1, SOC 2, PCI DSS, and enterprise IT risk assessments.
• Consolidate and normalize compliance data across multiple sources (audit reports, evidence repositories, risk registers, remediation trackers) to enable cross‑framework analysis.
• Identify patterns, trends, recurring non‑conformities, systemic control gaps, and high‑risk areas across audits and standards.
• Develop metrics to assess control maturity, remediation effectiveness, audit preparedness, and compliance health over time.

GenAI & Advanced Analytics Enablement

• Apply GenAI and AI‑assisted analytics to:
  • Analyze historical audit findings and observations to predict high‑risk focus areas.
  • Identify correlations between incidents, audit failures, and control weaknesses.
  • Detect improvement opportunities from unstructured data such as audit narratives, assessor comments, and evidence descriptions.
• Support use cases such as:
  • Intelligent classification and tagging of audit findings
  • Root cause analysis automation
  • Predictive risk scoring and trend forecasting
• Ensure responsible use of AI by aligning analytics activities with HCL governance, data protection, privacy, and ethical AI guidelines.

Insights, Dashboards & Reporting

• Design and maintain dashboards, analytical reports, and scorecards for leadership, auditors, and GRC stakeholders.
• Track KPIs and KRIs related to compliance posture, audit outcomes, remediation velocity, and control effectiveness.
• Present clear, data‑driven insights highlighting:
  • Priority improvement areas
  • Repeated audit failures
  • Framework‑specific and cross‑framework risks
• Enable evidence‑based decision‑making for leadership reviews, management sign‑offs, and regulatory reporting.

Mandatory Certifications

• ITIL v3 or ITIL 4
• ISO 27001 Lead Auditor
• At least one technical certification:
  • CCNA / MCSE / Network+ / Security+

Must‑Have Skills

• Compliance, Audit, and GRC Data Analysis
• Information Security & Technology Risk
• ISO Standards and Internal Audit Analytics
• ISO 31000 Risk Management Concepts
• IT Service Management (ITSM)
• Strong analytical thinking and problem‑solving skills
• Experience working with structured and unstructured compliance data

Good‑to‑Have Skills

• GenAI‑assisted analytics, AI/ML concepts for risk and compliance
• Dashboarding and visualization tools (e.g., Power BI, advanced Excel)
• Exposure to SOC, PCI DSS, and privacy compliance analytics
• Experience with GRC, audit, or risk management platforms
• Automation or scripting for data analysis and reporting

Behavioral Competencies

• Strong analytical mindset with a data‑driven approach to compliance
• High attention to detail, data accuracy, and quality
• Ability to interpret complex compliance data and derive insights
• Proactive and improvement‑oriented mindset
• Ability to influence outcomes through data and insights rather than authority
• Comfortable working in regulated and audit‑intensive environments