IT Security Engineer

Beghou brings over three decades of experience helping life sciences companies optimize their commercialization through strategic insight, advanced analytics, and technology. From developing go-to-market strategies and building foundational data analytics infrastructures to leveraging artificial intelligence to improve customer insights and engagement, Beghou helps life sciences companies maximize performance across their portfolios. Beghou also deploys proprietary and third-party technology solutions to help companies forecast performance, design territories, manage customer data, organize, and report on medical and commercial data, and more. Headquartered in Evanston, Illinois, we have 10 global offices. Our mission is to bring together analytical minds and innovative technology to help life sciences companies navigate the complexity of health care and improve patient outcomes. The SOC Audit & Compliance Analyst plays a critical role in strengthening the organization’s security control maturity and audit posture by bridging technical security operations with governance and assurance requirements. This role ensures that SOC‑related security controls are not only documented, but demonstrably effective through continuous testing, evidence validation, and cross‑functional collaboration.   The position contributes to proactive risk reduction by enabling timely remediation, improving audit outcomes, and embedding a culture of continuous compliance across IT and security teams. Success in this role is measured by audit readiness, control reliability, and the ability to translate complex technical operations into clear, defensible audit evidence. At Beghou Consulting, you'll join a highly collaborative, values-driven team where technical excellence, analytical rigor, and personal growth converge. Whether you're passionate about AI innovation, building commercialization strategies, or shaping the next generation of data-first solutions in life sciences, this is a place to make an impact! country: IN all locations: [Hyderabad, Telangana] commitment: department: Shared Services location: Hyderabad, Telangana team: IT We'll trust you to:: SOC Audit & Compliance  Support SOC 2 (Type I & Type II), Future ISO 27001 readiness, and internal security audits as they relate to SOC and IT operations.  Map security and SOC controls to applicable frameworks (AICPA Trust Services Criteria, ITGCs).  Coordinate and manage audit evidence collection from SOC, endpoint, identity, and infrastructure teams.  Perform control design and operating effectiveness reviews for SOC adjacent controls.  Track audit findings, risks, and remediation actions through closure.  Maintain continuous audit readiness rather than point-in-time compliance.    Vulnerability & Remediation Governance  Partner with IT and GRC to support vulnerability management oversight.  Review and validate vulnerability findings from Nessus scans.  Track remediation of SLAs, compensating controls, and risk exceptions.  Perform remediation validation testing post-patching or configuration changes.  Produce vulnerability compliance metrics and audit-ready reports.    Endpoint & Device Security Compliance  Support endpoint security control assurance across corporate devices using Microsoft Intune.  Validate enforcement of:   Device compliance policies  Security baselines  Patch and configuration standards  Support audit evidence related to:   Device enrollment  Configuration compliance  Endpoint protection integration (e.g., Defender ecosystem)  Partner with endpoint teams during audits to explain control design and operation.    Data Governance & Compliance  Support data protection and information governance controls using Microsoft Purview.  Assist in audits related to:   Data classification and labelling DLP policy enforcement Retention and records management  Insider risk and audit logging  Validate evidence of operational effectiveness for Purview-based controls.  Maintain compliance documentation related to data security and privacy controls.   Documentation & Stakeholder Coordination Maintain SOC-related policies, standards, procedures, and control narratives.  Translate technical SOC and security processes into audit-ready documentation.  Collaborate with:   SOC Operations  Endpoint & IAM teams  Internal Audit  Risk & Compliance stakeholders  Prepare audit responses, management action plans, and status reporting.  You'll need to have:: 2–6 years of experience in information security, IT audit, SOC governance, or security compliance.  Hands-on exposure to SOC audit or compliance activities.  Working knowledge of: SOC 2 / ITGC concepts  Control testing and evidence collection    Preferred Skills & Certifications  Familiarity with:   ISO 27001  NIST CSF / 80053  AICPA Trust Services Criteria  Experience working with or supporting:   Nessus (vulnerability scanning & remediation tracking)  Microsoft Intune (device compliance / endpoint security assurance)  Microsoft Purview (DLP, data classification, compliance tooling)  Strong documentation, analytical, and stakeholder communication skills.  Certifications (nice to have, not mandatory):   CISA  ISO 27001 Foundation or LA  CRISC  Microsoft Security fundamentals