GRC and Compliance Specialist

5 years

0 Lacs

Posted: 4 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description


About the Role

GRC and Compliance Specialist


Key Responsibilities

  • Respond to client and third-party security questionnaires, compliance checklists, and due diligence requests.
  • Own and manage Vanta or a similar GRC platform to maintain a continuous compliance posture.
  • Draft, maintain, and update key security and privacy policies (e.g., Access Control, Data Retention, Incident Response, Vendor Risk).
  • Ensure implementation and adherence to these policies across the organisation.
  • Conduct internal audits to evaluate control effectiveness and readiness for certification.
  • Assist in external audits for ISO 27001, SOC 2, and other regulatory assessments.
  • Lead proactive compliance initiatives, including monitoring evolving standards like DPDP (India), CCPA, GDPR, and industry-specific policies.
  • Collaborate with product, engineering, and legal teams to map regulatory requirements to technical controls.
  • Identify compliance risks and recommend mitigation strategies.
  • Keep documentation and evidence audit-ready at all times.
  • Facilitate periodic risk assessments, policy reviews, and training initiatives.


Required Qualifications

  • 5+ years of experience in GRC, information security, or compliance roles.
  • Working knowledge of ISO 27001, SOC 2, GDPR, CCPA, and DPDP or similar frameworks.
  • Experience in managing GRC platforms such as Vanta, Drata, Tugboat, or custom dashboards.
  • Strong ability to draft formal policies, track compliance metrics, and prepare audit-ready documentation.
  • Proven ability to collaborate across functions and communicate clearly with both technical and non-technical stakeholders.
  • Detail-oriented with a proactive approach to continuous compliance and process improvement.


Preferred Qualifications

  • Certifications such as CISA, CISM, ISO 27001 Lead Implementer, CIPM, or GDPR DPO.
  • Experience supporting external audits for SOC 2, ISO 27001, or similar.
  • Familiarity with India's DPDP Act, California Consumer Privacy Act (CCPA), and other international privacy laws.
  • Exposure to cloud-native environments and DevSecOps principles.
  • Previous experience in a SaaS or regulated environment.


Why Join Us

  • Play a critical role in building a world-class compliance program from the ground up.
  • Gain exposure to global compliance standards and emerging privacy regulations.
  • Work closely with leadership and product teams on high-impact security and privacy initiatives.


Fill out this form to apply:

👉 https://forms.gle/GeXAW4N4xqfsGSJX7