Job details
Job role
Consultant
Work location
Santiago
State / Region / Province
Santiago Province
Country
Chile
Skills
Domain|Compliance Services|Assessment & implementation of Regulatory Standards, Domain|Compliance Services|Design & Implementation of Common Control Framework
Domain
Delivery
Interest group
Infy Chile
Company
IL Chile
Requisition ID
146118BR
Job code
2015ASRCON Senior Consultant
Infosys Chile is looking for a Compliance Program Analyst. Your role will be:
Be a critical part of the ATE Compliance Program, reporting directly to the Compliance Program Lead. Your focus? Understanding the client's compliance standards inside and out — and helping the teams around you apply them correctly.
This role centers on validating that controls are designed and operating effectively across ITGC, ISP, and QMS domains. You'll test controls, review evidence, facilitate audits, field inquiries, support escalations, and contribute to control design conversations — making sure the right standards are understood, applied, and met.
You'll also support Quality Management System (QMS) testing for both Global and Territory-specific controls, including facilitating audit evidence collection, validation, and delivery throughout the year.
You won't work in isolation. You'll partner with IT product teams, security, risk management, QMS resource owners, and internal/external auditors — serving as a knowledgeable, responsive resource who helps teams stay compliant and audit-ready.
Your main activities will be:
ITGC control testing and validation (primary focus)
Develop a deep understanding of PwC's Information Security Policy (ISP) and Controls Standard — and help product and technology teams understand and apply the requirements to their environments.
Test and validate that ITGC controls are designed effectively and operating as intended across key domains — Access Controls, System Development and Change Management, Cyber Security and Data Protection, Service Management, and Resilience.
Validate controls across:
Identity and access management — confirm that provisioning and de-provisioning, privileged access reviews, segregation of duties, and authentication mechanisms are in place and functioning as required.
Change management — verify that SDLC controls, change management procedures, emergency change processes, and application development security controls are designed appropriately and operating effectively.
Cyber security operations — validate that incident management, malware protection, vulnerability and patch management, encryption, certificate administration, and logging and monitoring controls meet ISP requirements.
Database and network controls — confirm that database configuration and administration, firewall configuration, and system performance monitoring are compliant and evidenced.
Resilience — validate that business continuity and disaster recovery plans have been tested (at a minimum, annually) and that evidence supports compliance.
Validate that application penetration testing has been performed by independent third parties in accordance with ISP requirements. Review and validate the evidence, ensure it's complete and audit-ready, and provide it in support of audit requests. Escalate any gaps or concerns to the CPL.
Perform compliance checks to assess adherence against PwC's ISP, controls, and relevant standards — reviewing vulnerability scans, security control validations, and other evidence to confirm controls are met.
Evaluate control design and operating effectiveness. Document test results clearly and escalate deficiencies, gaps, or areas of concern to the CPL with practical recommendations.
Support control design conversations with product and technology teams — helping them understand what 'good' looks like and how to meet ISP and ITGC requirements before issues arise.
QMS testing — Global and Territory-specific controls
Support QMS control testing for both Global controls (firm-wide standards) and Territory-specific controls (local and regional regulatory and operational requirements).
Validate that QMS controls are designed effectively and operating as intended across applicable territories — through walkthroughs, sample testing, re-performance, and inspection.
Review and validate QMS evidence for completeness, accuracy, and audit-readiness. Facilitate evidence delivery to auditors and QMS program owners as needed.
Audit facilitation and evidence management
Facilitate internal and external audits — SOC 2, ISO 27001, 7216, and internal control reviews — on behalf of the CPL. That means fielding auditor inquiries, coordinating evidence requests, and ensuring smooth execution throughout the audit lifecycle.
Collect, review, and validate audit evidence to confirm it's complete, accurate, and aligned to the control requirements being tested. If something's missing or insufficient, follow up with control owners to close the gap.
Maintain audit-ready repositories of evidence, policies, control documentation, and test results — covering both ITGC and QMS testing artefacts.
Support walkthroughs and access reviews. Ensure teams are prepared, evidence is organized, and auditor questions are addressed promptly.
Serve as a responsive point of contact during audits — fielding questions, coordinating across teams, and escalating issues to the CPL when needed.
Inquiries, escalations, and control design support
Field compliance-related inquiries from product teams, control owners, and stakeholders. Provide clear, accurate guidance grounded in ISP, ITGC, and QMS standards.
Help teams interpret and apply compliance requirements to their specific environments. Translate standards into practical, actionable guidance that makes sense for the teams implementing them.
Support control design conversations — helping teams understand what's required, what evidence they'll need to produce, and how to build controls that will meet testing and audit expectations.
Escalate complex or high-risk inquiries to the CPL with context and a recommended path forward.
Track and follow up on open inquiries and escalations to ensure timely resolution.
Remediation support and continuous monitoring
Document remediation plans for audit findings, ITGC deficiencies, and QMS control gaps. Track progress through closure in coordination with product, control, and QMS owners.
Follow up with stakeholders to validate that remediation activities have been completed effectively and meet timelines and SLAs. Escalate overdue items or high-risk issues to the CPL.
Support the CPL in continuously monitoring applications and controls — confirming that compliance is maintained between audit cycles and that emerging risks are identified early.
Proactively flag potential compliance risks and control weaknesses across ITGC, ISP, and QMS domains. Bring findings and recommendations to the CPL.
Stakeholder engagement and communication
Serve as a knowledgeable, approachable point of contact for IT, security, risk management, product teams, and Global and Territory QMS program owners on behalf of the CPL.
Communicate complex compliance and control topics clearly and concisely. Whether you're explaining an ISP requirement, walking a team through a control gap, or briefing senior leadership — you adjust your message to the audience.
Support the CPL in rolling out compliance education and training to ATE stakeholders. Track completions and help drive awareness across the portfolio.
Respond promptly and accurately to stakeholder inquiries with reliable compliance data.
Reporting, metrics, and data-driven insights
Prepare compliance status reports for the CPL and senior management — covering audit findings, ITGC and QMS control testing results, risk posture, and remediation progress.
Maintain and update compliance dashboards, trackers, and monitoring tools so metrics stay current and actionable.
Use data-driven metrics to evaluate control testing coverage and compliance program effectiveness. Surface insights and improvement opportunities to the CPL.
Policy, procedure, and access review support
Help the CPL review and maintain compliance policies and procedures aligned to ISP, QMS, and regulatory frameworks.
Support and coordinate quarterly and ad-hoc access reviews. Track results, exceptions, and alignment with access control standards.
Candidate core competencies are:
ITGC control testing and validation: You validate that IT General Controls are designed and operating effectively across access management, change management, operations, and security domains — with precision and confidence.
QMS control testing: You validate Global and Territory QMS controls, review evidence for completeness and accuracy, and identify gaps across jurisdictions.
Standards expertise: You understand PwC's ISP and Controls Standard deeply — and you help teams around you understand and apply them correctly.
Complex problem solving: You don't just find issues — you find root causes. You develop thoughtful recommendations under ambiguity and escalate effectively.
Strong communication: You translate complex compliance and control standards into clear, actionable guidance. Whether it's a technical team or senior leadership, you adjust and connect.
Stakeholder management: You build trust and credibility across functions and jurisdictions. You field inquiries with confidence, support control design conversations with clarity, and manage competing priorities diplomatically.
Coordination and organization: Multiple audits, testing cycles, evidence requests, remediation workstreams, and reporting deadlines — you manage them simultaneously with precision and reliability.
Collaboration: You work seamlessly across IT, security, risk, product, QMS, and audit teams to support the CPL and drive outcomes.
Additional competencies:
Attention to detail: You validate evidence with care — confirming completeness, accuracy, and alignment to control requirements.
Proactivity: You flag potential compliance gaps and control weaknesses early — before they become audit findings.
Adaptability: Shifting priorities, cross-jurisdictional complexity, and ambiguous situations don't slow you down. You move forward with composure and sound judgement.
Learning orientation: You're always expanding your knowledge of ITGC, QMS, ISP frameworks, control testing practices, and emerging regulatory requirements.
Analytical thinking: You leverage data and metrics to evaluate compliance effectiveness and surface actionable insights to the CPL.
Proficiency in SOC 2, ISO 27001, 7216, and ISP control frameworks.
Experience with ITGC and QMS testing methodologies — walkthroughs, sample testing, re-performance, and inspection.
Familiarity with vulnerability scanning tools, penetration testing evidence review, and security monitoring.
Proficient in Microsoft Office, evidence management platforms, GRC tools, and compliance reporting and dashboard tools.
Understanding of access control systems, identity management, encryption standards, and change management workflows.
Familiarity with Global and Territory-specific regulatory and quality management requirements.
CISA (Certified Information Systems Auditor) — strongly preferred.
CRISC (Certified in Risk and Information Systems Control).
ISO 27001 Lead Auditor.
ISO 42001 or QMS-related certifications.
ITGC-specific training or certifications.
English fluency and 5 years of experience in similar roles are required. Work will be performed in a hybrid modality.
About Us
Infosys is a global leader in next-generation digital services and consulting. We enable clients in more than 50 countries to navigate their digital transformation. With over four decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise, and ideas from our innovation ecosystem.
EEO
Infosys provides equal employment opportunities to applicants and employees without regard to race; color; sex; gender identity; sexual orientation; religious practices and observances; national origin; pregnancy, childbirth, or related medical conditions; or disability.