Job Description: Infosec Researcher & Product Analyst

Role Details
Position: Infosec Researcher & Product Analyst
Location: Remote

About SCRUT Automation
Scrut Automation is a one-stop shop for infosec compliance. It supports IT/ITES/SaaS companies in automating their information security compliance tasks and reduces manual work in maintaining compliance by ~70%. Scrut was founded by IIT/ISB/McKinsey alumni, and the founding team has over 15 years of combined Infosec experience. Scrut is backed by Lightspeed Ventures and Endiya Partners, along with prominent angels from the global SaaS community.

The Scrut platform provides the fastest solution for achieving and maintaining compliance across global standards, including but not limited to SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and CCPA, through its truly 'single window' operations. Scrut acts like an organization’s virtual CISO, so the organization can focus on its business and leave compliance to Scrut.

Overview of the Job Profile
This role sits at the intersection of Information Security, Compliance, and Product Development. You will be responsible for designing and maintaining a common control framework that powers multiple compliance standards (e.g., ISO 27001, SOC 2, PCI-DSS, GDPR, DPDPA) within our platform.
The role requires working closely with product and engineering teams, strong collaboration with cross-functional teams, and a keen interest in product development and building compliance automation solutions.

Responsibilities
  • Design and maintain common control mappings across multiple frameworks (ISO 27001, SOC 2, PCI-DSS, NIST 800-53, GDPR, DPDPA, etc.).
  • Collaborate with product and engineering teams to translate compliance requirements into product features and workflows.
  • Contribute to the development of the platform’s control library, evidence library, and policy templates.
  • Understand the policies and procedures of the client and suggest improvement points related to Information Security.
  • Understand the setup of the client's cloud infrastructure and suggest improvement points related to Information Security.
  • Support internal and external audits (ISO 27001, SOC 2, etc.) from a framework and controls perspective.
  • Stay updated with evolving regulations and standards, and incorporate changes into the product’s compliance architecture.

Requirements
  • Degree in Engineering (Computer Science/IT), MCA, or Business Administration in a technology-related field required.
  • Minimum of 2-3 years of experience in Information Security, Governance, Risk, and Compliance.
  • Understanding of Unified/Secure Controls Framework.
  • Exposure to one or more infosec audits, and the implementation of ISO 27001/SOC 2, GDPR, and PCI DSS, is a must.
  • Professional security management certification (such as ISO 27001 Lead Auditor/Lead Implementer Certification, CISA, or CISSP) will be an added advantage.
  • Knowledge of security controls of AWS / Microsoft Azure / GCP will be an added advantage.
  • Excellent written and verbal communication skills and a high level of personal integrity.
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

Why should this job excite you?
  • Opportunity to make an early impact on one of the most promising, high-growth SaaS startups in India.
  • A high-performing action-oriented team.
  • Immense exposure to the founders and the leadership.
  • Opportunity to shape the future of B2B SaaS Customer Success with YOUR innovative ideas.
  • A competitive compensation package, benefits, and employee-friendly work culture.


Note: Due to a high volume of applications, only the shortlisted candidates will be contacted by the HR team. We appreciate your interest and effort.