hirist

Job Description

Job Title : GRC Lead


Summary of Role :


We are seeking a mid- to senior-level Governance, Risk & Compliance (GRC) professional to own and evolve our security compliance program. This role is responsible for managing our security-related RFP and questionnaire processes and leading the preparation and execution of all audits tied to our compliance certifications (including SOC 2 Type II, ISO 27001, and others).


This is a high-impact role that partners closely with Security, Engineering, Legal, Sales, and Customer Success to ensure we consistently meet our customers' expectations and our regulatory obligations.


Responsibilities :


Compliance Management :


- Lead external audit engagements for SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, and CSA STAR.


- Own the relationship with external auditors and certification bodies.


- Develop and drive Company's compliance maturity roadmap, including future programs such as FedRAMP, CMMC, the EU AI Act, IRAP, and additional emerging frameworks.


- Monitor evolving regulations, industry standards, and global compliance requirements impacting security, privacy, and AI governance.


Governance & Policy Management :


- Develop, maintain, and continuously improve policies, procedures, and plans within Company's integrated management system (security, privacy, and AI governance).


- Coordinate annual policy and documentation reviews in alignment with audit schedules and certification timelines.


- Assign and reinforce control ownership across business units, ensuring accountability and operational alignment.


- Provide guidance to teams to ensure organizational processes and business objectives remain compliant with policies and regulatory expectations.


- Define and track key GRC metrics (KPIs/KRIs), such as policy exceptions, risk register health, audit status, and control performance.


Risk Management :


- Oversee the annual risk assessment and risk treatment planning aligned to ISO 27001, ISO 27701, and ISO 42001 requirements.


- Conduct targeted risk assessments and gap analyses to support strategic initiatives and emerging risks.


- Drive continuous improvement of enterprise risk processes and alignment of risk ownership across all departments.


- Collaborate closely with Engineering and Product teams to embed risk management into roadmaps and development processes.


Internal Audit Program :


- Lead full lifecycle internal audit engagements (planning, execution, reporting, and remediation).


- Manage internal audits required for certification under ISO 27001, ISO 27701, and ISO 42001.


- Implement and configure automation solutions for continuous control monitoring in partnership with GRC engineering resources.


Third-Party Risk Management :


- Conduct risk assessments and due diligence for all new vendors and technology partners.


- Maintain a complete and up-to-date third-party inventory and oversee ongoing monitoring activities.


- Ensure third-party risk practices align with Company's broader compliance obligations.


Trust & Customer Assurance :


- Own and maintain the company's external Trust Center, ensuring accurate and up-to-date documentation.


- Lead the completion of customer security questionnaires, RFPs, and all due diligence processes.


- Curate, organize, and maintain a repository of GRC documentation for external stakeholders (prospects, customers, partners, auditors).


- Serve as the primary SME for GRC topics, requiring strong familiarity with security architecture, engineering controls, and AI-related governance.


Business Continuity & Disaster Recovery :


- Facilitate annual updates to the Business Continuity (BC) and Disaster Recovery (DR) plans.


- Coordinate BC/DR tabletop exercises and ensure alignment to audit and certification requirements.


- Support validation of cloud service availability, backup restoration, resiliency processes, and incident response playbooks.


Security Awareness & Training :


- Deliver and track company-wide security awareness training.


- Develop role-specific training programs, including secure development, data protection, and acceptable use of AI technologies, aligned with compliance mandates.


Minimum Qualifications :


- 10+ years of experience in GRC, security compliance, risk management, or a related discipline.


- Hands-on experience managing SOC 2, ISO 27001, or similar security frameworks and audits.


- Strong understanding of security controls, compliance requirements, and industry best practices.


- Experience managing security questionnaires, RFP/RFI responses, or customer security due diligence processes.


- Excellent project management and organizational skills; ability to prioritize and manage multiple concurrent requests.


- Strong communication skills and comfort working with both internal stakeholders and external auditors.


- Familiarity with compliance or RFP tools is a plus.


Location : This role is based in India; candidates must currently reside in India to be considered.


Who we are, and what we offer :


Company is a rapidly growing, innovative startup that provides cloud-scale, low-code security automation for organizations of all industries and sizes. Our technology is relied upon by major security-forward companies around the globe, and we are consistently rated as the #1 trusted low-code security automation platform. Our mission is to prevent breaches and enable continuous compliance via a low-code security automation platform that serves as the system of record for the entire security organization.


The Perks we provide :


- Competitive Benefits & Compensation


- Stock Options


- Training & Professional Development Opportunities


- MacBook Pro


- Great Company Culture


- We value collaboration and innovation


- Give-back Volunteering Opportunities


Here our core focus is to Automate the World of Security and we strive to represent our five core values in everything we do :


- Punch above your weight class - We make the most of our circumstances and constantly surprise and impress with our ability to deliver.


- Be a happy innovator - The hard problems are the fun problems to solve; we're excited to take on difficult challenges and find creative solutions.


- Always be leveling up - We are continuously improving, embracing change, and consuming information to better ourselves and each other.


- Move at the speed of WOW - We work with an extreme sense of urgency, but we never compromise quality.


- Have honesty and integrity in all the things - We make decisions with the best of intentions, doing what is right for as many stakeholders as possible.

