The Risk & Compliance Analyst is an indirect customer-facing position. The analyst owns and is responsible for reviewing new and existing contracts from a risk, security, and compliance perspective as they come in for sign-off, before BlackBox enters a legal agreement with any other entity. The analysis evaluates the contents of each contract for IT compliance with global or local regulations, risks, business service expectations, security expectations, and compliance, keeping BlackBox interests and delivery capabilities in mind and adhering to defined business and IT service level expectations. The role is also responsible for ensuring data privacy compliance (GDPR, CCPA, DPDP, etc.), maintaining organization policies, coordinating external customer/vendor IT audits, ensuring adherence to IT controls, and coordinating external customer/vendor audit and control remediation activities, both internally and externally. This position takes an advisory role in making sure data privacy and governance procedures contain the right level of controls and responsibilities to support risk and compliance oversight across the organization. A good understanding of, and experience with or exposure to, global industry standards, regulatory compliance requirements, data privacy laws, security standards, etc. is required. Good written and spoken English is essential for this position.
Primary Roles & Responsibilities
Experience Required – Minimum 5 Years as IT-GRC Analyst
Understand BlackBox internal business services and review proposed customer contracts for compliance, risks, privacy, and data privacy (GDPR, CCPA, DPDP, etc.), including other security and regulatory control areas.
Ensure BlackBox compliance with data privacy laws like GDPR, CCPA, DPDP, etc., including other security and regulatory control areas, and establish process controls and documentation around their implementation, management, and process upkeep.
Coordinate external and internal audits of the BlackBox IT environment and collate evidence submitted by the technical team.
Good understanding of security concepts, drivers of risk and mitigation controls, BCP, DR, risk management, 3rd-party vendor audits and management, policy and procedure writing and evaluation, and IT general and application controls.
Develop and maintain both continuous and spot check, autonomous and manual audit processes
Educate users on IT controls processes and play an advisory role internally.
Perform end-to-end contract evaluation for risk, compliance, and security expectations.
Report on compliance results & metrics to executive teams
Provide continual improvement objectives to better align to external requests
Build a strong knowledge and understanding of systems and processes
Assist in development of data governance processes and RACI
Review and update internal corporate Policies based on Industry best practices and Regulatory requirements
Understand and document Data workflows and lifecycles
Establish Processes to improve the life cycle Management of Contracts
Possess experience or good knowledge on IT controls mapping as per global standards.
Knowledge, Skills, Abilities
Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments
Understanding of global data privacy and security regulations such as GDPR, CCPA, etc., at both global and US state levels.
Conduct BCP/DRP tabletop exercises, IT access audits and reviews, PCIDSS, HIPAA, internal reviews, etc.
Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs.
Ability to find root causes of control failures and mitigate risks accordingly
Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint
Ability to educate the company employees and respond to policy related queries.
Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk
Ability to convince a highly varied audience to follow prescribed controls
Comfort with presenting progress reports and results to senior leadership
Understanding of process design and compliance terminology
Ability to write and speak clearly, consistently, and concisely
Ability to multitask across responses to multiple contracts and meet given deadlines
Ability to be self-driven and motivated, with end-to-end ownership of contracts management
Excellent Audit Life Cycle Management skills, Expert use of Excel sheet, Word document management, PPT, ability to track documents versions, evidence etc.
Excellent written and verbal communication skills and English language command.
Education/Experience Requirements
BA in business or information technology, or equivalent experience.
Minimum 5 years or more of prior experience in IT-GRC domain like IT risk, auditing, Contracts evaluation, Data privacy, compliance evaluation etc. strongly preferred.
Knowledge of working with US & Global regulations and compliance requirements like HIPAA, PCIDSS, GDPR and US state level laws like CCPA etc.
Frameworks / Industry Standard & Regulations
Data Privacy Laws like GDPR, CCPA, DPDP
ISO 27001, ISO20K, PCIDSS, SOC2, HIPAA
Security and Assurance standards like NIST 800-53 controls, NIST CSF, CIS controls, ISO 27001, ISO 20000 standards
Supervisory Responsibility
This position may take on a leadership role over other employees and teams, engaging them in responding to certain compliance and IT audit requirements.