Job Description
Auditor II
Company:
Compliance Foundry | Comperis Cybersecurity | Fixpliance AI
Location:
Vadodara, Gujarat, India (In-Office Required)
Employment Type:
Full-Time
Level: IC4 - Individual Contributor (Compliance/Security)
About Us
Compliance Foundry, Comperis Cybersecurity, and Fixpliance AI form a unified group delivering Managed Compliance as a Service and Security Engineering as a Service to SMBs across fintech, healthcare, and SaaS. We help international clients build and maintain security postures through expert engineering, compliance frameworks, and our proprietary FixplianceAI platform.
We are a lean, founder-led organization where technical talent works directly with the CEO and engages with international clients daily. This is not a back-office role. It is a delivery-oriented position at the intersection of regulatory compliance, risk assessment, and managed audit services.
About Vadodara, Gujarat
Vadodara, often called the "Cultural City of India (Sanskrutik nagri)," is a historic center of learning and arts located in Gujarat. Home to several leading universities and educational institutions, the city offers a vibrant, diverse, and metropolitan community alongside a strong reputation for safety, cultural heritage, and low crime rates. With a significantly lower cost of living than major Indian metros, the city offers an excellent quality of life and is home to major companies such as Mastercard, Larsen & Toubro, and Tata Advanced Systems. The city's strategic location provides seamless connectivity via Vadodara Airport (flights to major Indian and international hubs) and Central Railway Station (direct rail access to Delhi, Mumbai, Bangalore, and other key business centers).
The Role
We are hiring an Auditor II (IC4) to serve as the primary compliance and audit point of contact for assigned international managed audit clients.
This role is 80% client-facing and 20% internal, requiring a practitioner who can independently assess, document, and advise on compliance postures across multiple regulatory frameworks and business verticals.
You will own entire audit domains (e.g., Access Control, Cryptography, Incident Response) for assigned clients. You will lead audit engagements end-to-end: from scoping and control mapping through evidence collection, gap analysis, remediation recommendations, and audit closure. You will report directly to the Technical Founder and CEO, participate in engagement strategy, and collaborate with security engineering and product teams.
What You'll Do
Client Engagement and Audit Delivery (80%)
Serve as the primary audit contact for assigned international clients across fintech, healthcare, and SaaS verticals
Conduct detailed compliance assessments across regulatory frameworks: ISO 27001, SOC 2 (Type I and Type II), GDPR, HIPAA/HITECH, DORA, and industry-specific standards
Map client business and technical processes to regulatory requirements and control frameworks
Own specific audit domains (Access Control, Cryptography, Incident Response, Data Protection, Network Security, etc.) and drive audit cycle completion
Design control frameworks tailored to client risk profiles, regulatory mandates, and business constraints
Author detailed audit plans, control matrices, evidence collection protocols, and audit workpapers
Conduct control testing using structured methodologies: observation, inspection, inquiry, and recalculation
Document evidence with rigor and precision, maintaining the chain of custody and audit traceability
Identify control gaps, assess remediation effort, and recommend practical, cost-effective solutions
Lead audit meetings with client stakeholders, communicate findings clearly to technical and business audiences
Drive remediation closure; verify implementation and re-test controls to confirm remediation is effective
Prepare audit summary reports and regulatory submission materials (SOC 2 Type II reports, ISO 27001 certificates, GDPR-DPA readiness assessments)
Manage SLA commitments, audit milestones, and client satisfaction metrics
Internal Collaboration (20%)
Collaborate with security engineering teams to understand implemented controls and evidence availability
Provide product feedback based on field experience with FixplianceAI and client audit needs
Contribute to runbooks, audit program documentation, and internal knowledge base expansion
Participate in Agile ceremonies and sprint planning
Support junior auditors and audit team development through mentorship and code review
What We're Looking For
Technical Competencies
You must demonstrate hands-on proficiency across compliance and audit domains. You are not expected to be expert-level in every framework, but you must show working knowledge across the full spectrum and deep expertise in at least one audit domain.
Compliance Frameworks:
ISO 27001 (ISMS design, controls, gap analysis, readiness assessments)
SOC 2 Type I and Type II (scoping, control design, operating effectiveness testing, reporting)
GDPR (Articles 5, 25, 28, 32, 33; DPA requirements; data subject rights)
HIPAA/HITECH (administrative, physical, technical safeguards; BAA management)
DORA (ICT risk management, operational resilience, third-party dependencies)
Industry-specific standards: payment card security (PCI DSS), healthcare (HITRUST), financial services (SOX, ISO 27001 derivatives)
Audit and Control Competencies:
Control design and control frameworks (COSO, ISO 27001, NIST Cybersecurity Framework)
Audit planning, scoping, and evidence collection methodologies
Control testing techniques: observation, inspection, inquiry, recalculation, and system access validation
Risk assessment and gap analysis: identifying control deficiencies and remediation strategies
Evidence documentation, working paper organization, and audit trail maintenance
Remediation closure verification and re-testing
Technical Security Knowledge:
Cloud security controls: IAM, encryption, logging, network segmentation (AWS, Azure, GCP)
Infrastructure security: firewalls, VPNs, IDS/IPS, endpoint security
Application security: SAST/DAST, secure code review, dependency scanning
Data security: encryption at rest/in transit, DLP, key management, data residency
Incident response and forensics: playbook review, investigation procedures, breach notification
Cryptography: encryption standards, key management, digital signatures, certificate management
Professional Skills:
Native English fluency (written and spoken). This is a client-facing role; communication quality is non-negotiable
Demonstrated ability to lead audit meetings, present findings to executive and technical audiences, and manage client relationships professionally
Experience authoring detailed audit workpapers, control matrices, and compliance assessment reports
Proficiency with Agile/Scrum methodologies
Experience with client project planning, audit timeline management, and SLA tracking
Comfort operating in fast-moving startup environments where processes and frameworks are continuously refined
Self-starter mentality: operate independently, manage competing audit priorities, and drive audit cycles to closure
Ability to translate technical security controls into business risk language for non-technical stakeholders
AI Proficiency:
Demonstrated proficiency in leveraging AI/LLM tools for productivity and audit workflows (e.g., evidence summarization, control gap analysis, remediation recommendation drafting)
AI is a core force multiplier in our delivery model, not optional
Nice to Have:
Professional certifications: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CISSP
Big 4 or mid-market audit firm experience
SOC 2 Type II or ISO 27001 certification audit experience (not just consulting)
Fintech, healthcare, or SaaS industry background
Experience with audit tools and evidence management platforms
Why Join Us
Work with international fintech, healthcare, and SaaS clients
Direct collaboration with company leadership
Develop nuanced, practical expertise in how regulatory requirements translate to control implementation
Working Hours
2:00 PM - 11:00 PM IST, Monday to Saturday, with occasional weekend windows for audit fieldwork, client meetings across time zones, and final audit closure cycles.
The Application Process
The initial screening includes a take-home assignment that requires the use of an AI tool. This is intentional and reflects our operating model: we evaluate how effectively you leverage AI as a force multiplier, not whether you can solve problems without it.
Equal Opportunity
Compliance Foundry | Comperis Cybersecurity | Fixpliance AI is an equal opportunity employer. We evaluate candidates based on merit, qualifications, and business needs.