Experience Required: 3-8 Years
Service Line: Platforms & Services Unit
Job Description
Infosys is seeking an experienced Compliance/Audit Specialist to join our team. In this role, you will be responsible for conducting compliance assessments, internal audits, risk analysis, and regulatory research to ensure that our products and services meet industry and regulatory standards. You will work closely with cross-functional teams, including product development, engineering, and implementation teams, to mitigate compliance risks throughout the product lifecycle.
Roles & Responsibilities
As a Compliance/Audit Specialist, you will:
- Compliance Research & Analysis: Conduct research and analysis to support compliance assessments of products and services.
- Compliance Documentation: Assist in the development and maintenance of compliance documentation, including policies, procedures, and risk assessments.
- Internal Audits & Assessments: Perform internal audits of product platforms and implementation processes to ensure compliance with regulatory standards such as GDPR, SOC 2, ISO 27001, and HITRUST, and with internal controls.
- Audit Findings & Reporting: Analyze audit findings, prepare comprehensive reports, and track corrective action plans to ensure effective remediation.
- Risk Assessment & Mitigation: Conduct risk assessments, identify compliance gaps, and support teams in developing mitigation plans.
- Collaboration with Cross-Functional Teams: Work closely with product development, engineering, and implementation teams to identify and mitigate compliance risks throughout the product lifecycle.
- Regulatory Compliance & Best Practices: Stay updated on evolving regulatory data privacy, security, and compliance requirements (e.g., GDPR, HIPAA, CCPA, NIST Cybersecurity Framework). Provide recommendations based on best practices.
- Compliance Guidance & Training: Provide guidance and support to internal teams on compliance-related matters.
- External Audit Support: Proactively coordinate across multiple departments to support external audit activities.
- Process Improvement Initiatives: Participate in initiatives to improve platform-level compliance and security standards.
Technical & Professional Requirements
Must-Have Skills:
1. Strong knowledge of internal audits, compliance frameworks, and risk management.
2. Experience with regulatory frameworks such as:
- Healthcare Regulations (e.g., HIPAA, HITECH)
- Data Privacy Laws (e.g., GDPR, CCPA)
- Security Standards (e.g., ISO 27001, NIST Cybersecurity Framework, HITRUST CSF)
3. Experience in conducting risk assessments and developing mitigation plans.
4. Strong understanding of internal controls and compliance policies within technology or software companies.
5. Excellent analytical, problem-solving, and communication skills (both written and verbal).
Preferred Skills:
1. Domain Expertise: Environment, Health & Safety Compliance, Healthcare Compliance
2. Technology Experience: Healthcare EDI, EDIFECS
3. Certifications (preferred but not mandatory):
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- ISO Lead Auditor Certification
Educational Qualifications
Candidates should hold one of the following degrees:
- Master of Engineering (M.E.)
- MBA (Master of Business Administration)
- Bachelor of Computer Science (B.Sc./BCA/B.Tech in Computer Science)
- Bachelor of Engineering (B.E.)