This is a unique opportunity for a GRC professional with a passion for emerging technology to play a key role in our data protection programs. As our GRC Analyst for Security Privacy & AI Governance, you'll be the crucial link between the Legal Privacy team's requirements and our technical environment. You'll focus on implementing the security controls needed to comply with regulations like the HIPAA Security Rule and support our certifications for ISO 27701 and ISO 42001.
If you're looking to build deep expertise in security privacy and the fast-growing field of AI governance, this is the perfect role for you.
What You Will Do (Key Responsibilities)
As the analyst for this domain, you'll be responsible for the day-to-day execution of the security controls and processes that protect sensitive data. Your key responsibilities will include:
Assist in the implementation, assessment, and continuous monitoring of the HIPAA Security Rule's technical and administrative safeguards, partnering with senior GRC staff and the Legal Privacy team.
Manage AI Governance Operations: Run the day-to-day operations of our AI Governance Program, supporting the ISO 42001 certification process and helping to ensure the responsible use of AI technologies.
Play a key role in supporting our ISO 27701 (Privacy Information Management System) certification, helping to manage control implementation and evidence collection.
Act as the security subject matter expert for engineering teams, providing guidance on implementing the technical security controls (e.g., encryption, access management, data lifecycle management) required to support the Legal Privacy team's interpretation of regulations like GDPR and CCPA/CPRA. You will champion Privacy by Design principles from a security perspective.
Serve as a key stakeholder in privacy operations by supporting the Legal Privacy team's Data Subject Access Request (DSAR) process, ensuring appropriate security measures are in place for identity verification and secure data retrieval. You will act as the primary security assessor during Data Protection Impact Assessments (DPIAs), responsible for identifying technical risks to personal data and recommending mitigation controls.
In partnership with the Legal Privacy team, develop and maintain a formal responsibility matrix (RACI) that defines the precise hand-offs for privacy-related processes.
Serve as a key point of contact between GRC and the Legal Privacy team on operational matters, helping to align technical controls with legal requirements.
Provide subject matter expertise on security privacy during vendor risk assessments and in responding to customer security questionnaires.
Serve as the primary security privacy subject matter expert for the TPRM program, providing formal risk assessment input and control validation for third parties handling sensitive personal or health data.
Required Qualifications
A minimum of 5 years of experience in a GRC, security, privacy, or IT Audit role.
A minimum of 1 year of hands-on experience working with AI Governance principles or frameworks (e.g., NIST AI RMF, ISO 42001).
A strong understanding of the technical requirements of a major privacy regulation or security standard, such as GDPR, CCPA/CPRA, or the HIPAA Security Rule.
Experience working with IT or engineering teams on the implementation of security controls.
A Bachelor's degree in a relevant field such as Cybersecurity, Information Systems, or Computer Science.
Preferred Qualifications
Active professional certifications are a plus. Examples include CISA, Security+, etc.
Direct experience participating in a HIPAA risk assessment or compliance program.
Experience supporting an ISO 27001 or ISO 27701 audit.
Familiarity with implementing privacy and security controls within public cloud environments (AWS, Azure, GCP).
Position Requirements
10+ years work experience