Job Description: Experience : 9-14 Years DevSecOps to lead and support our enterprise security, compliance, and risk management initiatives. This individual will play a key role in designing, implementing, and maintaining controls aligned with global compliance frameworks including ISO 27001, SOC 2, and NIST 800-53. The ideal candidate has a deep understanding of security engineering principles, a strong compliance mindset, and a proven track record in driving cross-functional security programs. Key Responsibilities: • Follow established processes for the implementation and maintenance of security controls aligned with ISO 27001, SOC 2, and NIST 800-53. • Collaborate with security leadership to ensure adherence to ISO 27001, SOC 2, and NIST 800-53 controls and procedures. • Collaborate with internal and external auditors to support audits, evidence gathering, and remediation efforts. • Develop and maintain automated security and compliance monitoring tools and dashboards. • Translate regulatory requirements into technical requirements and integrate them into the SDLC (Secure Development Lifecycle). • Execute tasks related to the implementation and upkeep of compliance controls under ISO 27001, SOC 2, and NIST 800-53 guidance. • Conduct gap assessments and risk analysis; define and track remediation efforts to ensure compliance readiness. • Strong hands-on experience and understanding of Kubernetes security, including RBAC, pod security policies, network policies, and secrets management. Required Qualifications: • 8+ years of experience in information security or compliance engineering roles. • Practical experience with DevOps security practices, including integrating security controls into CI/CD pipelines (GitLab CI, Jenkins, GitHub Actions, etc.) • Strong understanding and hands-on experience with ISO 27001, SOC 2 (Type I and II), and NIST SP 800-53. • Experience working in cloud-native environments (AWS, Azure, or GCP) with secure configuration and governance controls. • Familiarity with cloud-native security (AWS, GCP, or Azure), container orchestration, and infrastructure-as-code tools like Terraform, Helm, or Ansible. • Solid knowledge of access management, encryption, logging/monitoring, and network security principles. • Demonstrated ability to lead technical initiatives, work cross-functionally, and influence at all levels. • Excellent written and verbal communication skills with experience writing policies and technical documentation. Preferred Qualifications: • Professional certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or AWS Security Specialty etc. • Experience with compliance automation platforms. • Background in regulated industries such as fintech, healthcare, or government.