Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.

We are seeking a highly motivated Senior Corporate Security Analyst to join Toast’s Corporate Security team in Bangalore. This role is focused on hands-on corporate security execution and risk reduction across endpoints, identities, SaaS platforms, vendors, and data — not SOC monitoring or shift-based operations.

The ideal candidate has strong experience working in enterprise corporate security environments, understands how to balance security controls with business needs, and is comfortable partnering with IT, GRC, Procurement, Legal, and Engineering teams. You will own multiple CorpSec programs end-to-end and act as a senior individual contributor, while mentoring junior analysts and helping scale security practices across the organization.

A Day in Life (Responsibilities)

1. Corporate Security Execution & Risk Management

• Own and operate key corporate security controls across endpoint, SaaS, identity, vendor, and data security.
• Perform security risk assessments for business initiatives and translate findings into actionable remediation plans.
• Act as a security advisor to internal stakeholders, focusing on practical risk reduction.

2. Endpoint & SaaS Security

• Lead day-to-day security oversight for corporate endpoints and SaaS applications, including:
• EDR/XDR, device hardening, encryption, MDM/UEM
• Shadow IT discovery and SaaS risk reviews
• Partner with IT Operations and Governance teams to resolve alerts, misconfigurations, and policy gaps.
• Conduct periodic reviews of high-risk applications, browser extensions, and endpoint findings.

3. Vulnerability Management (Corporate Scope)

• Drive vulnerability management for corporate endpoints and internal business systems.
• Triage and prioritize vulnerabilities based on business impact and exploitability.
• Track remediation with IT teams and validate closure.

4. Identity & Access Management (IAM)

• Support enterprise IAM governance, including:
• Joiner / mover / leaver processes
• Access reviews and least-privilege enforcement
• MFA, SSO, device trust, and privileged access (PAM)
• Assist in access investigations and high-risk access exception reviews.

5. Vendor & Third-Party Security

• Conduct vendor security assessments for onboarding and periodic reviews.
• Review SOC 2 reports, security questionnaires, and supporting evidence.
• Track vendor risks, remediation actions, and re-assessments.
• Partner with Procurement, Legal, and GRC teams to ensure security requirements are met.

6. Data Protection & DLP

• Support data protection initiatives across Google Workspace, Slack, and other collaboration platforms.
• Assist with the design, tuning, and enforcement of DLP controls.
• Participate in investigations related to data exposure or misuse.

7. Security Awareness & Process Improvement

• Support security awareness training and phishing simulation programs.
• Maintain CorpSec policies, SOPs, and runbooks.
• Identify opportunities to improve efficiency through automation and tooling.

8. Mentorship & Ownership

• Mentor P2-level security analysts and provide technical guidance.
• Take ownership of CorpSec initiatives and deliver them end-to-end with minimal supervision.

9. Contractor Security Oversight

• Establish and enforce contractor access standards, ensuring strict security controls during onboarding and offboarding.
• Conduct periodic contractor access and activity audits, identifying and mitigating associated risks.

Work Mode: This role follows a hybrid work model, requiring a minimum of 2 days per week in the office.

What We’re Looking For

Required

• 6–10 years of experience in information security with strong corporate security exposure.
• Hands-on experience with:
• Endpoint security and EDR tools (e.g., CrowdStrike)
• Vendor security assessments and SOC 2 reviews
• IAM concepts (Okta, PAM, access reviews)
• SaaS and Shadow IT security
• Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).
• Experience working closely with IT and governance teams.
• Strong written and verbal communication skills.

Preferred

• Experience with Google Workspace security and DLP.
• Exposure to GRC processes or platforms (ServiceNow GRC, OneTrust).
• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• Proven experience in developing and implementing security policies, procedures, and frameworks.Demonstrated experience in developing and delivering security awareness training and phishing exercises.
• Possess excellent skills and experience in leveraging AI tools for threat detection, incident response, vulnerability management, and other security functions.
• Familiarity with Google Workspace security features.
• Proficiency with security tools such as Reco.AI, Torq, Splunk, DataDog, bug bounty platforms, Okta Device Trust, BeyondTrust, BeyondCorp, and other SIEM, SOAR and Security tools commonly used in the market.
• Ability to work autonomously and prioritize multiple tasks in a fast-paced environment.
• Excellent verbal and written communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences. Proven ability to collaborate effectively with cross-functional teams.
• Quick learner and adaptable to new security tools and technologies as they are procured and implemented.
• Ability to adapt to environments, understand requirements, and actively collaborate within the team, with other teams, and with vendors.
• Provide technical guidance and mentorship to P2 security analysts, fostering their professional growth and ensuring alignment with corporate security objectives.
• Take initiative in leading projects and driving security initiatives.
• Relevant security certifications are a plus.

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

Our Total Rewards Philosophy 
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

Job Title: Staff / Senior Staff - SOC Analyst

Location: Netradyne, Bangalore.

Experience – 6 to 13 years

About Netradyne -

Netradyne is a leader in cutting-edge AI-powered safety and fleet management technology. We strive to enhance driver safety, operational efficiency, and overall user experience. As an innovative and rapidly growing company, we are committed to securing a connected future for the transportation industry through technological advancements.

Role Overview

The SOC Analyst will be responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across enterprise systems, cloud infrastructure, SaaS platforms, and applications. The role supports the Security Operations Center in protecting company assets, customer data, and platform availability.

Key Responsibilities

Security Monitoring

• Monitor alerts and logs from SIEM, EDR, and cloud security platforms
• Investigate security alerts and perform initial incident triage
• Monitor logs from endpoint, network, identity, and email security systems

Incident Detection & Response

• Analyze suspicious activities and determine severity
• Escalate incidents as per SOC response playbooks
• Support incident investigation, containment, and root cause analysis

Threat Hunting & Intelligence

• Perform proactive threat hunting
• Analyze Indicators of Compromise (IOCs)
• Monitor emerging cybersecurity threats

Cloud & SaaS Security Monitoring
Monitor security events across platforms such as:

• Amazon Web Services (AWS)
• Microsoft Azure
• Microsoft 365
• Salesforce

Focus areas include:

• Identity misuse
• Unauthorized access attempts
• Cloud misconfigurations
• Data exfiltration alerts

Alert Triage & Documentation

• Review alerts and create incident tickets
• Document investigations and findings
• Maintain SOC playbooks and runbooks

SOC Automation & Improvement

• Support SOC workflow automation
• Improve detection rules and monitoring coverage
• Contribute to SOC maturity initiatives

Required Skills

Technical Skills

• Experience with SIEM tools (Splunk, Sentinel, Wazuh)
• Cloud security monitoring
• Networking and security fundamentals
• Log analysis and incident investigation
• Knowledge of MITRE ATT&CK framework
• Endpoint security
• Identity and access management
• Email security
• Threat detection

Soft Skills

• Strong analytical and problem-solving skills
• Good documentation and reporting abilities
• Ability to work in 24×7 SOC shift environment
• Collaboration with IT, DevOps, and engineering teams