The SGRC Product Development Specialist will be responsible for designing, developing, and enhancing Governance, Risk, and Compliance (GRC) products and platforms aligned with regulatory, risk, and enterprise governance requirements. This role requires deep domain expertise in GRC frameworks, strong product development exposure, and the ability to translate regulatory and security requirements into scalable product features.

The role will work closely with engineering, architecture, compliance SMEs, security teams, and customers to deliver high quality enterprise grade GRC solutions.

Key Responsibilities :

Product Development & Engineering

- Lead end to end product development for GRC modules such as :

a. Risk Management

b. Compliance Management

c. Policies & Controls

d. Audit Management

e. Third Party / Vendor Risk

- Translate regulatory requirements and frameworks into clear product features, user stories, and technical requirements.

- Collaborate with engineering teams to ensure:

- Scalable and configurable workflows

- High system performance and reliability

- Participate in solution design reviews, ensuring alignment with GRC best practices and industry standards.

GRC Domain & Regulatory Expertise :

Apply strong working knowledge of global regulations and frameworks, including but not limited to :

- ISO 27001 / 27002

- NIST Rev.5, FedRAMP

- SOC 1 / SOC 2

- PCI DSS

- NIST AI, ISO 42001

- Monitor regulatory and compliance trends to recommend new product capabilities and enhancements.

Stakeholder & Cross Functional Collaboration :

- Work closely with :

1. Product Management

2. Engineering & Architecture

3. QA & Release Management

- Act as a domain advisor for internal teams on GRC concepts and regulatory interpretation.

- Support customer engagements and demos

Leadership & Mentoring :

- Mentor junior developers and analysts on GRC concepts and product logic.

- Provide technical and domain input for roadmap planning and backlog prioritization.

- Participate in process improvements, DevSecOps, and continuous improvement initiatives.

Required Skills & Qualifications :

Experience :

- 5 - 10 years of experience in :

1. GRC product development, OR

2. Enterprise security/compliance platforms, OR

3. Risk & compliance solutions in a product environment

- Proven experience working with enterprise SaaS products or large scale platforms.

Technical Skills :

Strong understanding of :

- GRC platforms and architectures

- Workflow engines, rules engines, reporting frameworks

- Experience working with :

1. APIs, integrations (HR systems, IAM, ticketing tools)

2. Databases and data models for risk/compliance data

3. Cloud platforms (Azure / AWS / GCP - preferred)

- Familiarity with Agile / Scrum product development models.

Domain Skills :

In depth knowledge of :

- Governance, Risk, and Compliance processes

- Control design, risk scoring, compliance assessments

- Ability to map regulatory requirements into functional and technical specs.

Preferred / Nice-to-Have :

- Experience building or working with commercial GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, MetricStream)

- Certifications such as :

1. CISA, CISM, CRISC

2. ISO 27001 LA/LI

3. CISSP

- Exposure to AI/Automation in GRC (continuous monitoring, risk analytics)