Compliance Analyst

Aecom

Full-time Business Operations Specialists
Location
Bengaluru, Karnataka, India
Posted
July 01, 2026

Job Description

Role

We are building our information security function from the ground up. As our first Information Security Manager / GRC Lead, you will be the operational owner of Flam's entire compliance programme and will work hands-on in Scrut.Io to drive ISO 27001:2022 and SOC 2 Type I certification within 3–4 months. This is a high-impact, high-visibility role at a company whose core product is AI — meaning you will be helping define what responsible AI security looks like in practice, not just checking boxes.

What You'll Own

ISO 27001 & SOC 2 Implementation

- Drive end-to-end implementation of ISO 27001:2022 across all 88 applicable Annex A controls and SOC 2 Trust Service Criteria, using Scrut.Io as the single source of truth
- Own the Statement of Applicability (SoA), risk register, risk treatment plan, and all ISMS documentation
- Coordinate evidence collection across Engineering, DevOps, HR, Finance, and Sales — translating control requirements into actionable tasks for each team
- Manage th...