Smarsh

Governance, Risk & Compliance - Lead

India

Compensation: Not Specified
Experience Level: Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Information Technology, Financial Services, Legal Services

Requirements

Candidates should have 7-10 years of experience in security governance, risk, or compliance roles within SaaS or regulated industries. A strong track record of operationalizing ISMS frameworks, managing control assurance, and supporting external audits is required. Experience with GRC platforms, security metrics reporting, and risk assessments is essential, along with the ability to work across business, engineering, and legal teams. Familiarity with ISO 27001, SOC 2, GDPR, DORA, FedRAMP, and SEC Cyber rules is necessary, as are strong communication skills for executive reporting. Experience leading client assurance programs or third-party risk management is also needed, with professional certifications like CISA, CISM, ISO 27001 LA, CISSP, or CRISC being preferred.

Responsibilities

The Lead will be responsible for maintaining and improving the ISO 27001-aligned ISMS and overseeing the control assurance program, including evidence collection and testing. They will manage key internal and external audit workstreams such as SOC 2, ISO 27001, and FedRAMP. The role involves driving the cybersecurity risk management lifecycle, enhancing risk methodologies, and supporting risk acceptance processes. Responsibilities also include monitoring emerging regulations, translating them into internal obligations, managing customer security assessments, and coordinating client responses. Additionally, the Lead will manage third-party security reviews, align contractual security requirements, maintain the InfoSec policy lifecycle, and develop security governance metrics for executive reporting. They will also deliver security training, promote a security-aware culture, and own core GRC workflows and tooling integrations.

Skills

ISO 27001
SOC 2
FedRAMP
Risk Assessment
Cybersecurity
Regulatory Compliance
Third-Party Risk Management
DORA
SEC Regulations
UK AI Act
Auditing
Policy Development

Smarsh

Archiving and compliance solutions provider

About Smarsh

Smarsh provides archiving and compliance solutions specifically designed for financial services, government agencies, and other regulated industries. Their main product is a cloud-based archive that allows organizations to securely store, search, and manage their communications data, including emails, text messages, and social media interactions. This system helps businesses meet complex security, data privacy, and regulatory requirements. Smarsh differentiates itself from competitors by offering a scalable Software-as-a-Service (SaaS) model that caters to both large enterprises and smaller organizations, ensuring that clients can adapt to evolving regulations. Their goal is to help organizations efficiently manage their communication data, identify risks, and maintain compliance, particularly through tools like Connected Capture for Microsoft Teams, which supports remote workforces.

Headquarters: Portland, Oregon
Year Founded: 2001
Total Funding: $42.4M
Company Stage: BUYOUT
Industries: Enterprise Software, Cybersecurity, Financial Services
Employees: 1,001-5,000

Benefits

Health Insurance
Dental Insurance
Life Insurance
Disability Insurance
Unlimited Paid Time Off
Paid Vacation
Paid Sick Leave
Paid Holidays
Hybrid Work Options
Stock Options
401(k) Company Match
Employee Assistance Programme
Wellness Program
Adoption Assistance
Group Income Protection
Group Life Assurance
Maternity Leave
Paternity Leave
Workplace Pension Scheme
Monthly Wellness Allowance
Company Bonus

Risks

Integration with OpenAI's API may pose compliance and security challenges.
EU's AI Act requires significant adjustments to Smarsh's AI systems.
Expansion into Latin America may expose Smarsh to regional instability.

Differentiation

Smarsh offers cloud-native, context-aware archiving solutions for regulated industries.
The company integrates with popular tools like Microsoft Teams for seamless compliance.
Smarsh serves 9 of the top 10 banks, showcasing its industry trust.

Upsides

Smarsh's global expansion includes a new office in Costa Rica for enhanced support.
Integration with OpenAI's ChatGPT API enhances Smarsh's AI compliance capabilities.
Partnership with Verizon simplifies mobile compliance procurement for Verizon's clients.
