Posted: 2 days ago
Platform:
On-site
Full Time
As a part of the Cerebrent Group, Millipixels specializes in crafting impactful digital experiences for clients across the globe, spanning diverse domains and emerging technologies. With our main design and development center located in India, complemented by FlexCampus sites in Singapore, Dubai, London, and New York, we're on our way to becoming a globally significant, distributed, full-service software and outsourcing solutions organization. At Millipixels, our mission is to contribute to a better world by creating solutions that tackle the most pressing challenges. Join us in exploring and designing what lies ahead for you!
As a GRC Specialist at Millipixels, you will develop and implement governance, risk, and compliance (GRC) policies aligned with standards like ISO 27001, SOC 2, and GDPR, ensuring enterprise-wide adherence across HR, IT, AI, and data management. You will lead internal audits, coordinate third-party audits, and drive remediation to maintain compliance and achieve certifications. Collaborating cross-functionally, you’ll embed risk mitigation strategies and serve as a subject matter expert for our GRC product, Veriquent. You’ll monitor enterprise risks, manage GRC tools, and support security awareness training to foster a compliance-focused culture. Staying current on regulatory trends, you’ll continuously enhance our GRC programs to meet industry best practices.
• Policy & Framework Development: Develop, implement, and maintain GRC policies, procedures, and frameworks in alignment with regulatory and industry standards.
• Enterprise Governance Initiatives: Drive governance efforts across key business domains including Human Resources, Data Management, AI, and Information Security to ensure consistent compliance and risk management practices company-wide.
• Risk Monitoring & Control: Monitor and assess enterprise risks, ensuring appropriate controls are in place and regularly reviewed for effectiveness.
• Internal Audits & Assessments: Lead internal audits and risk assessments to evaluate compliance with internal policies and external requirements (e.g. ISO 27001, SOC 2, GDPR), and oversee remediation plans for any identified gaps.
• External Audits & Certifications: Coordinate third-party audits and external accreditation efforts (such as ISO 27001 certification), guiding the implementation of required controls and managing responses to audit findings and corrective actions.
• Security Awareness & Training: Support and deliver security awareness and compliance training programs across the organization to foster a culture of compliance and risk awareness.
• Cross-Functional Collaboration: Collaborate closely with cross-functional teams – including Product Development, Human Resources, Legal, and IT/Security – to embed GRC and risk mitigation strategies into all projects, processes, and business initiatives.
• GRC Product Expertise (Veriquent): Serve as the GRC subject matter expert for our new product Veriquent, advising the product team on compliance requirements and best practices to ensure the software meets industry standards and client expectations.
• AI Governance: Develop and integrate AI governance policies across the company, establishing controls for ethical AI use and ensuring that any AI initiatives comply with emerging regulations and standards.
• GRC Tools Management: Maintain and leverage GRC platforms or tools for tracking controls, incidents, and remediation efforts, ensuring GRC processes are efficient and well-documented.
• Continuous Improvement: Stay current on emerging regulatory requirements, industry best practices, and new trends in GRC (including developments in data privacy and AI governance) to continuously improve compliance programs.
• Education: Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field.
• Experience: 5+ years of experience in a GRC, compliance, or risk management role, preferably in a technology or other highly regulated industry.
• Framework Knowledge: Strong knowledge of governance and compliance frameworks/standards (e.g. ISO 27001, NIST, SOC 2, GDPR, HIPAA) and the ability to interpret and apply them within an organization.
• GRC Tools: Familiarity with GRC platforms or tools (e.g. RSA Archer, ServiceNow GRC or similar) for managing risk and compliance activities.
• Analytical Skills: Excellent analytical, organizational, and problem-solving skills with keen attention to detail.
• Project Management: Ability to manage multiple projects and priorities in a fast-paced environment, delivering results on time.
• Communication: Strong written and verbal communication skills, with the ability to translate complex risk or compliance concepts into clear terms for non-technical stakeholders.
• Certifications: Relevant certifications (e.g. CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CISSP) are a plus and demonstrate a commitment to the field.
• Cross-Functional Collaboration: Proven ability to work collaboratively across different business functions (product, HR, IT, legal, etc.) to drive compliance and risk initiatives.
• Emerging Areas: Knowledge of emerging areas of GRC like AI governance or data ethics, and familiarity with data protection regulations, is highly desirable, but not mandatory.
• Compliance Leadership: Experience in leading or supporting compliance audits/certifications (such as ISO 27001 or SOC 2 audits).
• Product Management: Experience and/or exposure to leading, guiding or contributing to product development, specifically a GRC product, is highly desirable, but not mandatory.
Millipixels Interactive