Senior Staff Security Governance & Compliance Analyst


About the Role

We are looking for a sharp, automation-first Compliance Engineer to join our Governance, Risk & Compliance (GRC) team. In this role, you will own the technical side of our compliance programme — designing and operating systems that continuously verify our security controls, collect evidence automatically, and keep us audit-ready at all times.

You will work at the intersection of security engineering and regulatory compliance, leveraging AI-powered and agentic tooling to replace manual, point-in-time audit work with real-time, scalable assurance. If you love turning compliance from a periodic scramble into an always-on engineering discipline, this role is built for you.

Key Responsibilities

Compliance Automation & Continuous Assurance

  • Design, build, and maintain automated pipelines for controls testing across SOC 2 Type II, ISO 27001, and other applicable frameworks.
  • Develop scripts, integrations, and workflows that continuously collect, validate, and store compliance evidence from cloud infrastructure, SaaS tools, CI/CD pipelines, and endpoint systems.
  • Implement AI and agentic tools (e.g., LLM-based classification, autonomous agents) to interpret data, flag control deviations, and draft audit narratives — reducing manual effort.
  • Build and maintain a compliance-as-code library so controls are versioned, testable, and auditable.

Frameworks & Audit Readiness

  • Serve as an internal SME for SOC 2 (Trust Services Criteria) and ISO 27001 / 27701 control mapping.
  • Maintain a continuously updated control inventory and evidence repository ready for external auditor review at any point in the year.
  • Coordinate with external auditors during annual assessments; own the evidence pack preparation and auditor Q&A.
  • Identify control gaps through automated gap assessments and drive remediation with engineering and product teams.

GRC Programme Development

  • Contribute to the design and evolution of the company's internal assurance programme, including risk assessment methodologies and control effectiveness metrics.
  • Develop dashboards and executive-level reporting that show real-time compliance posture across all frameworks.
  • Advise on vendor and third-party risk assessments, including security questionnaire automation.
  • Stay current on emerging regulations and integrate new requirements into the automation stack.

Required Qualifications

Experience

  • 5+ years of experience in information security, with a minimum of 3 years focused on GRC, compliance engineering, or security assurance.
  • Demonstrable experience designing or operating a SOC 2 or ISO 27001 compliance programme, including evidence collection and audit support.
  • Hands-on experience writing automation scripts (Python, NodeJS, or similar) to interact with cloud APIs (AWS, GCP, or Azure), SaaS platforms, or SIEM/log aggregation tools.
  • Experience integrating AI or ML tooling into operational workflows — including working with LLM APIs, prompt engineering, or building agentic pipelines using frameworks.

Certifications (at least one required)

  • CISSP — Certified Information Systems Security Professional
  • CISA — Certified Information Systems Auditor
  • CISM — Certified Information Security Manager
  • ISO 27001 Lead Auditor or Lead Implementer
  • CompTIA Security+ or equivalent (acceptable as a secondary certification)

Technical Skills

  • Proficiency in Python for automation; familiarity with REST APIs, webhooks, and data pipelines.
  • Working knowledge of cloud-native security services (AWS Config, AWS Security Hub, Azure Policy, GCP SCC) and how they map to compliance controls.
  • Experience with GRC platforms (Vanta, Drata, Tugboat Logic, OneTrust, or equivalent) — and ideally extending them via API or custom integrations.
  • Understanding of IAM, encryption, logging, vulnerability management, and change management controls in a cloud-first environment.

Preferred Qualifications

  • Experience building agentic workflows where an AI system autonomously gathers evidence, tests controls, and surfaces exceptions with minimal human intervention.
  • Background in a high-growth SaaS, fintech, or B2B technology company where compliance was a commercial differentiator.
  • Experience with Infrastructure-as-Code tools (Terraform) and how policy guardrails integrate with deployment pipelines.

About Us

Diligent is the AI leader in governance, risk and compliance (GRC) SaaS solutions, helping more than 1 million users and 700,000 board members to clarify risk and elevate governance. The Diligent One Platform gives practitioners, the C-Suite and the board a consolidated view of their entire GRC practice so they can more effectively manage risk, build greater resilience and make better decisions, faster. 

At Diligent, we're building the future with people who think boldly and move fast. Whether you're designing systems that leverage large language models or part of a team reimagining workflows with AI, you'll help us unlock entirely new ways of working and thinking. Curiosity is in our DNA; we look for individuals willing to ask the big questions and experiment fearlessly - those who embrace change not as a challenge, but as an opportunity. The future belongs to those who keep learning, and we are building it together. At Diligent, you're not just building the future - you're an agent of positive change, joining a global community on a mission to make an impact.

Learn more at diligent.com or follow us on LinkedIn and Facebook


What Diligent Offers You 

  • Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be done differently, both in our internal processes and in helping our clients.
  • We care about our people. Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting-free days, a generous time off policy and wellness programs, to name a few.
  • We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney.
  • Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.

Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. 

Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, Singapore and Sydney. To foster strong collaboration and connection, this role will follow a hybrid work model. If you are within a commuting distance to one of our Diligent office locations, you will be expected to work onsite at least 50% of the time. We believe that in-person engagement helps drive innovation, teamwork, and a strong sense of community.


We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected].

To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.
