Business Analyst – SOC 2 Compliance

8-10 Years

Role Overview We are seeking a highly skilled Business Analyst with strong expertise in process assessment, compliance frameworks, and system mapping to support our SOC 2 compliance initiative. The ideal candidate will have a proven track record of analyzing business processes, identifying gaps, and driving process improvements across technology and business functions. This role will be central to bridging business, technology, and compliance requirements, ensuring successful execution of our SOC 2 program. Key Responsibilities

Assessment & Scoping Conduct inventory of systems, applications, and processes in scope. Map SOC 2 Trust Services Criteria to applicable systems/processes. Controls Mapping & Gap Analysis Perform detailed analysis of current development practices vs. SOC 2 requirements. Document gaps and define actionable remediation plans. Process Design & Enhancement Develop and document SOPs, control policies, and compliance workflows. Collaborate with development, IT, and compliance teams to refine processes. Implementation Support Partner with teams to roll out compliance processes and tool configurations. Monitor adoption, identify challenges, and propose refinements. Evidence Collection & Management Define mechanisms for capturing, storing, and tracking compliance evidence. Work with stakeholders to maintain dashboards/repositories linking controls to evidence. Monitoring & Continuous Improvement Support internal audits, prepare compliance reports, and track KPIs. Recommend ongoing improvements to ensure evolving compliance effectiveness. Required Skills & Qualifications

Experience: 8–10 years in Business Analysis, Process Improvement, or IT Compliance. Strong knowledge of SOC 2 compliance frameworks (or equivalent: ISO 27001, HIPAA, PCI DSS). Proven ability to perform gap analysis, control design, and documentation. Hands-on experience with SDLC processes, automation platforms, and logging/monitoring tools. Excellent skills in requirements gathering & stakeholder management Experience on Process like ISO, CMMi etc., Strong analytical mindset with the ability to translate compliance needs into operational processes. Excellent communication skills – able to engage with technical and non-technical stakeholders. Preferred Skills

Exposure to low-code/no-code platforms (e.g., Power Automate, Power Apps). Familiarity with evidence management tools, GRC platforms, or compliance dashboards. Experience working in regulated environments (BFSI, Healthcare, or SaaS). Certification in CISA, CISM, or Business Analysis (CBAP/CCBA) is a plus.