Mimecast

Risk & Compliance Analyst

Mimecast  •  Bengaluru, IN (Onsite)  •  3 hours ago

Job Description


About Mimecast

Mimecast is a global cybersecurity and data governance leader redefining how organizations secure human and AI risk. Since 2003, Mimecast has stopped bad things from happening to good organizations by enabling them to work protected. Our AI-powered, API-enabled connected human risk platform is purpose-built to protect organizations from the evolving threat landscape across email, collaboration tools, and emerging AI-driven attack surfaces. As we continue to scale globally, our compliance and audit function plays a vital role in maintaining the trust our customers place in us — and this role is central to that mission.

About the Role

This role is based in our Bangalore office and reports to the Senior Manager, Framework Compliance within the Governance Compliance Office (GCO). We are seeking an experienced, self-driven IT Certification & Audit Specialist to plan, coordinate, and run multiple external audits across complex environments and challenging timelines. The ideal candidate is someone who can “pick up and run” with limited supervision, manage competing priorities, and engage confidently with stakeholders across the organization and externally.

You will work independently on moderately complex projects, set objectives for your own area of responsibility to meet project goals, and communicate with contacts inside and outside your team to explain and interpret operational processes, practices, and procedures. You will exercise sound judgment within defined procedures and practices, with your results having a direct impact on the team and contributing to wider departmental outcomes.

Key Responsibilities

  • Support and help run multiple concurrent external audits (SOC 2, ISO 27001, and other ISO frameworks) within demanding timeframes.
  • Coordinate evidence collection, control walkthroughs, and remediation tracking across diverse teams and complex technical environments.
  • Serve as a point of contact for external auditors, managing expectations and ensuring smooth, timely audit delivery.
  • Assess and interpret technical controls covering access management, change management, vulnerability management, and penetration testing results.
  • Evaluate cloud security and compliance posture within AWS environments.
  • Identify control gaps, support remediation efforts, and provide pragmatic recommendations to stakeholders.
  • Communicate audit status, risks, and findings clearly to stakeholders at varying levels of seniority.
  • Recommend and contribute to enhancements in audit processes, documentation, and readiness as the compliance program scales.
  • Support the delivery of GCO objectives.
  • Engage in continuous professional development, including retention of professional certifications and attending industry learning events regarding regulatory developments.

Required Qualifications

  • 5-7 years of experience in IT compliance, audit, or information security roles.
  • Active CISA certification.
  • Strong working knowledge of ISO 27001 (implementation and/or audit experience), including familiarity with related ISO standards.
  • Hands-on experience supporting or running SOC 2 and ISO 27001 audits.
  • Technical understanding of AWS services and cloud security controls.
  • Working knowledge of penetration testing concepts, vulnerability management, change management, and access controls.
  • Demonstrated ability to work independently and deliver under pressure.
  • Excellent verbal and written communication skills, with proven ability to engage diverse stakeholders.
  • Functional knowledge gained through experience; university degree or equivalent desirable, with relevant certifications and developing professional networks.

Preferred Qualifications

  • Additional certifications (e.g., ISO 27001 Lead Auditor/Implementer, CISSP, CCSP, AWS certifications).
  • Experience in a fast-paced, multi-framework compliance environment.
  • Exposure to other ISO standards (e.g., ISO 27017, ISO 27018, ISO 22301).
  • Familiarity with the Drata compliance automation tool would be beneficial.
  • Experience working in a global team.

What We’re Looking For

A proactive, growth-minded professional who thrives in complexity, brings structure to ambiguity, and can independently drive audits to successful completion while building strong relationships with auditors and stakeholders across the organization.

What We Bring

Join us to accelerate your career while working with cutting-edge technologies and leading impactful initiatives for our customers. You will be immersed in a dynamic environment that recognises and celebrates your achievements.

Mimecast offers formal and on-the-job learning opportunities, maintains a comprehensive benefits package that helps our employees and their family members sustain a healthy lifestyle, and, importantly, gives you the chance to work in cross-functional teams to build your knowledge.

We believe in growth that’s good, we have a culture that cares and we are on a mission that matters.

Belonging at Mimecast

Cybersecurity is a community effort. That’s why we’re committed to building an inclusive, diverse community that celebrates and welcomes everyone – unless they’re a cybercriminal, of course.

We’re proud to be an Equal Opportunity and Affirmative Action Employer, and we’d encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won’t affect your application.

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.



It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.

About Mimecast

Human Risk, Secured

Mimecast is transforming the way businesses manage and secure human risk. Its AI-powered, API-enabled connected human risk platform is purpose-built to protect organizations from the spectrum of cyber threats. Integrating cutting-edge technology with human-centric pathways, our platform enhances visibility and provides strategic insight. Our technology safeguards critical data and actively engages employees in reducing risk and enhancing productivity. More than 42,000 businesses worldwide trust Mimecast to help them keep ahead of the ever-evolving threat landscape. From insider risk to external threats, customers get more with Mimecast. More visibility. More agility. More control. More security.

For help, please email support@mimecast.com.

Industry: IT & Software
Company Size: 1,001-5,000 employees
Headquarters: London, GB
Year Founded: 2003