Postúlate en Kit Empleo: kitempleo.cl/empleo/190w07

Infosys is a integral leader in next-generation digital services and consulting. We enable clients in more than 50 countries to navigate their digital transformation. With over four decades of experience in managing the systems and workings of integral enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem.

Infosys is seeking an engineer for security audits with knowledge on AI. This position will need to develop the following activities:

Infosys Chile is looking for a Compliance Program Analyst. Your role will be:

Be a critical part of the ATE Compliance Program, reporting directly to the Compliance Program Lead. Your focus? Understanding client's compliance standards inside and out — and helping the teams around you apply them correctly.

This role centers on validating that controls are designed and operating effectively across ITGC, ISP, and QMS domains. You'll test controls, review evidence, facilitate audits, field inquiries, support escalations, and contribute to control design conversations — making sure the right standards are understood, applied, and met.

You’ll also support Quality Management System (QMS) testing for both Global and Territory-specific controls, including facilitating audit evidence collection, validation, and delivery throughout the year.

You won’t work in isolation. You’ll partner with IT product teams, security, risk management, QMS resource owners, and internal/external auditors — serving as a knowledgeable, responsive resource who helps teams stay compliant and audit-ready.

Your main activities will be:

ITGC control testing and validation (primary focus)

- Develop a deep understanding of PwC's Information Security Policy (ISP)



and Controls Standard — and help product and technology teams understand and apply the requirements to their environments.
- Test and validate that ITGC controls are designed effectively and operating as intended across key domains — Access Controls, System Development and Change Management, Cyber Security and Data Protection, Service Management, and Resilience.
- Validate controls across:
- Identity and access management — confirm that provisioning and de-provisioning, privileged access reviews, segregation of duties, and authentication mechanisms are in place and functioning as required.
- Change management — verify that SDLC controls, change management procedures, emergency change processes, and application development security controls are designed appropriately and operating effectively.
- Cyber security operations — validate that incident management, malware protection, vulnerability and patch management, encryption, certificate administration, and logging and monitoring controls meet ISP requirements.
- Database and network controls — confirm that database configuration and administration, firewall configuration, and system performance monitoring are compliant and evidenced.
- Resilience — validate that business continuity and disaster recovery plans have been tested (at a minimum, annually) and that evidence supports compliance.

QMS testing — Global and Territory-specific controls

- Support QMS control testing for both Global controls (firm-wide standards) and Territory-specific controls (local and regional regulatory and operational requirements).
- Validate that QMS controls are designed effectively and operating as intended across applicable territories — through walkthroughs,



sample testing, re-performance, and inspection.
- Review and validate QMS evidence for completeness, accuracy, and audit-readiness. Facilitate evidence delivery to auditors and QMS program owners as needed.

Audit facilitation and evidence management

- Facilitate internal and external audits — SOC 2, ISO 27001, 7216, and internal control reviews — on behalf of the CPL. That means fielding auditor inquiries, coordinating evidence requests, and ensuring smooth execution throughout the audit lifecycle.
- Collect, review, and validate audit evidence to confirm it's complete, accurate, and aligned to the control requirements being tested. If something's missing or insufficient, follow up with control owners to close the gap.
- Maintain audit-ready repositories of evidence, policies, control documentation, and test results — covering both ITGC and QMS testing artefacts.
- Support walkthroughs and access reviews. Ensure teams are prepared, evidence is organized, and auditor questions are addressed promptly.
- Serve as a responsive point of contact during audits — fielding questions, coordinating across teams, and escalating issues to the CPL when needed.

Inquiries, escalations, and control design support

- Field compliance-related inquiries from product teams, control owners, and stakeholders. Provide clear, accurate guidance grounded in ISP, ITGC, and QMS standards.
- Help teams interpret and apply compliance requirements to their specific environments. Translate standards into practical, actionable guidance that makes sense for the teams implementing them.
- Support control design conversations — helping teams understand what's required, what evidence they'll need to produce, and how to build controls that will meet testing and audit expectations.
- Escalate complex or high-risk inquiries to the CPL with context and a recommended path forward.
- Track and follow up on open inquiries and escalations to ensure timely resolution.

Remediation support and continuous monitoring

#J-18808-Ljbffr

Postúlate en Kit Empleo: kitempleo.cl/empleo/190w07

📌 Compliance Program Analyst (Santiago)
🏢 Infosys
📍 Santiago