IT Operations Analyst

Job Location - Kalyani Nagar, Pune or Chennai.

Role Overview:
The IT Compliance Analyst is a key contributor in ensuring the organization's IT infrastructure and operations align with internal and external audit and regulatory requirements. This role involves continuous monitoring, assessment, and implementation of compliance controls. The Analyst collaborates cross-functionally with IT Operations, DevSecOps, Security, Database, Hosting, GIS, etc. teams to execute audits, mitigate risks, and optimize compliance processes. The role also supports compliance integration within Agile workflows and drives improvements in compliance management practices across the organization.
Core Responsibilities:
1. Compliance Review and Analysis:

• Documenting and Standardizing Compliance Processes: Develop and maintain clear, detailed compliance documentation, including SOPs, guidelines, and process flows to ensure adherence to both internal and external regulatory standards.
• Gap Analysis: Regularly evaluate business and IT operations, including development processes, to identify any gaps in compliance with relevant regulations.
• Agile Integration: Actively participate in Agile ceremonies (e.g., sprint planning, daily standups) to ensure that compliance requirements (regulatory, SOC, NIST, PCI, etc.) are considered and integrated within the development lifecycle.
• Compliance Reporting: Assess and provide periodic reports on compliance performance, identifying areas of improvement, and implementing corrective actions.

2. Collaboration with Cross-Functional Teams:

• Audit & Compliance Support: Partner closely with the FCC ATP team to fulfill audit requirements as defined by the Business Unit (BU), management, and GIS.
• SOC Control Evidence Management: Work with the team to ensure SOC controls are appropriately designed, evidence is captured through Rainier tickets, and compliance tasks are completed within designated timeframes.
• Guidance on Compliance Backlogs: Provide compliance expertise to assist teams in translating regulatory requirements into actionable product backlog items for portfolio teams.
• Timely Risk Reporting: Identify and communicate risks, issues, and obstacles in a timely manner, facilitating mitigation actions.
• Compliance in Sprints: Provide compliance oversight and feedback during Agile sprints, ensuring regulatory and security requirements are integrated effectively.

3. Internal Audits and Assessments:

• Audit Execution: Lead and support periodic internal audits and assessments to verify adherence to compliance requirements across the FCC ATP portfolio.
• Tracking and Reporting: Identify and document compliance risks or issues in a centralized RAID log, recommend corrective actions, and ensure resolution through effective tracking and reporting.
• Documentation and Reporting: Maintain thorough records of audit results, including the identification of non-compliance issues, and report findings using Jira, Confluence, or other agreed-upon platforms.
• Leadership Reporting: Contribute to the monthly update deck for FCC ATP Leadership to illustrate the value stream and track compliance performance against goals.

4. Compliance Policy Documentation and Maintenance:

• Policy Development and Maintenance: Assist in the creation, review, and maintenance of IT compliance documentation, policies, and procedures, ensuring they remain aligned with evolving regulatory requirements and business objectives.
• Documentation Availability: Ensure that compliance documentation is readily available, up to date, and accessible to all relevant stakeholders.
• Test Documentation and Reporting: Support the documentation of test results, and report on non-compliance issues, along with recommendations for remediation.

5. Continuous Improvement and Process Enhancement:

• Process Optimization: Actively identify opportunities for process automation, efficiency improvements, and optimization of operational needs within the FCC ATP PMO & Compliance Team.
• Agile Process Enhancement: Propose and implement continuous improvement initiatives, promoting an Agile mindset and operational efficiency.
• Key Skills and Competencies:
• Agile Mindset: Maintain and promote an Agile mindset, with a strong understanding of how compliance can be integrated into Agile workflows.
• Compliance Integration: Ability to effectively integrate compliance requirements within various operational processes, ensuring minimal disruption to development timelines.
• Cross-Functional Collaboration: Excellent communication and collaboration skills, enabling effective teamwork across diverse functional teams (e.g., DevSecOps, Global Security, Database, Customers, Architecture, Engineering, etc.).
• Risk Identification & Analysis: Strong analytical skills, with a keen attention to detail for identifying compliance risks, vulnerabilities, and gaps.
• Regulatory Expertise: Deep understanding of key regulatory frameworks, such as SOC 2, NIST, PCI, and other industry-specific compliance standards.
• Audit and Compliance Testing: Proven experience in compliance auditing, risk management, and testing of SOC 2 controls, as well as familiarity with the IT audit & regulatory landscape.
• Continuous Improvement Orientation: Demonstrates a proactive approach to identifying and implementing process improvements and automation opportunities.
• Ownership & Accountability: Takes ownership of tasks and responsibilities, showing an entrepreneurial mindset toward problem-solving and task completion.

Education and Experience:
Education: Bachelor’s degree in Information Technology, Computer Science, or a related field (or equivalent work experience).
Certifications: Relevant certifications such as CISA, CISSP, CRISC, or equivalent are highly preferred.
Experience:

• 3 - 5+ years of experience in IT compliance, auditing, or risk management.
• Solid experience with SOC 1 or 2 controls, as well as familiarity with NIST, PCI, and other regulatory frameworks.
• Proven ability to integrate compliance requirements into Agile processes and IT operations.
• Working knowledge on some or all application & tools like - Jira, Confluence, Azure, AWS, CI/CD, Cloud/SaaS, IaC, & Containers, etc.
• Bonus points if you have working knowledge on Hyperproof or CyberArk.