Job Description

BPM Overview:
What does BPM stand for? Innovation, opportunity, community, diversity, inclusivity, flexibility and so much more. B-P-M stands for "Because People Matter," because at our core, our people drive everything we do and how we do it.
We are a forward-thinking, full-service accounting firm providing modern solutions to businesses across the globe. We focus on comprehensive assurance, tax, and consulting services for our clients, and we provide our people and our community with the resources to lead meaningful and purposeful lives.
While we are one of the largest California-based accounting firms, our flexible work locations and schedules mean we have professionals across the continent. Our teams and our clients drive us to provide quality services and ignite unique insights and ideas that contribute to our continued success. Our clients come from different backgrounds and industries, which keep our people intellectually challenged every day.
BPM India Advisory Service Private Limited - Formerly known as "Burr Pilger Mayer India Private Limited". (BPM India) is a subsidiary of BPM LLP. Founded in 1986, BPM is one of the largest California-based accounting and consulting firms, ranking in the top 50 in the country. With 17 different office locations, BPM serves emerging and mid-cap businesses as well as high-net-worth individuals in a broad range of industries, including financial services, technology, life science, manufacturing, food, wine and craft brewing, automotive, nonprofits, real estate and construction. The Firm's International Tax Practice is one of the largest on the West Coast and its well-recognized SEC practice serves approximately 35 public reporting companies, mostly in the technology industry.
Position Summary:
The Information Security Compliance Administrator will support the global security compliance program by developing and maintaining security policies, auditing controls, and managing technical platforms that enable compliance with standards such as SOC 2 and ISO 27001. This role will also lead the security awareness training program and be responsible for building and maintaining a comprehensive trust package to support customer and auditor assurance. Key skills include stakeholder management, analytical thinking, and ability to work independently and in teams.
Key Responsibilities:
Policy & Standards Management * Develop, maintain, and update security policies and procedures aligned with SOC 2, ISO 27001, and other relevant frameworks.

• Ensure documentation reflects current regulatory requirements and internal practices.

Compliance Auditing & Control Monitoring * Conduct internal audits to assess compliance with security policies and standards.

• Collaborate with internal stakeholders and external auditors during assessments and certification processes.
• Track and report on remediation efforts for audit findings.
• Apply industry leading practices to identify risks and opportunities of improvement.

Technical Platform Administration * Manage compliance-related platforms (e.g., GRC tools, policy management systems).

• Support automation of compliance workflows and reporting.

Security Awareness & Training * Design and maintain a security awareness training program tailored to different roles and geographies.

• Track participation and effectiveness of training initiatives.
• Coordinate phishing simulations and other awareness campaigns.

Trust Package Development * Build and maintain a trust package that includes up-to-date security documentation, certifications, audit reports, and FAQs.

• Ensure materials are accurate, accessible, and aligned with customer and auditor expectations.
• Work with the legal, sales, and corporate services teams to assist in trust and transparency initiatives.

Cross-Functional Collaboration * Work with ETS, Legal, HR, and other departments to ensure security controls are implemented and understood.

• Provide guidance and training on compliance requirements and best practices.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field.
• 5 years of experience in information security compliance or audit.
• Strong knowledge of SOC 2, ISO 27001, and other regulatory frameworks (e.g., NIST, HIPAA, GDPR).
• Experience with compliance platforms (e.g., Drata, Vanta, OneTrust, ZenGRC).
• Experience designing or managing security awareness programs.
• Experience developing trust packages or customer-facing security documentation is a plus.
• Excellent written and verbal communication skills.
• Certifications such as CISA, CISSP, or ISO 27001 Lead Implementer/Auditor are preferred and may be required depending on project needs.