As our Senior GRC Analyst for IT Controls & Assurance, you will be the bedrock of our customer trust program. You will take complete ownership of our core compliance certifications, including SOC 2 and ISO 27001, transforming them from annual audit events into a state of continuous compliance.
Beyond traditional audits, you will pioneer our customer assurance automation efforts. You will build a modern Trust Program that replaces manual questionnaires with on-demand, self-service access to our security posture. This role is perfect for a meticulous, process-oriented individual who excels at partnering with technical teams to build robust control environments and with commercial teams to build scalable, frictionless assurance processes that accelerate sales and build deep customer trust.
What You Will Do (Key Responsibilities)
Project manage the end-to-end SOC 2 Type 2 and ISO certifications (27001, 27017, 27018) audit cycles. This includes scoping, evidence collection, coordinating with auditors, managing walkthroughs, and tracking findings to remediation.
Plan and execute the annual BCP & DR Readiness Assessment, working with technical teams to conduct tabletop exercises, identify gaps, and track remediation.
Design, implement, and manage our Customer Trust Program, leveraging third-party platforms to automate responses to security questionnaires and provide customers with on-demand access to compliance documentation.
Partner closely with Sales, Customer Success, and Legal teams to build a scalable and efficient process for handling customer security reviews. Your goal is to reduce sales cycle friction and establish GRC as a key business enabler.
Develop and maintain a Unified Control Framework (UCF) for our entire product suite. You will map controls across multiple standards to create an 'assess-once, comply-many' model that increases the efficiency and delivery speed of control evidence.
Create and maintain a standardized and reusable ‘Compliance Package’. This will be the single source of truth for assurance, containing our certifications, latest audit reports, policy summaries, and security whitepapers for efficient distribution to customers, prospects, and other relevant parties.
Own and continuously improve the IT General Controls (ITGC) framework, ensuring controls for Information Security Governance, Access Control, and Network Security are effectively designed and documented.
Partner directly with Engineering, IT, and Product teams to interpret control requirements and co-design practical, effective, and automatable solutions within our technology stack.
Develop and execute a continuous monitoring program to test controls throughout the year, identifying potential issues before they become audit findings.
Proactively identify opportunities to automate evidence collection and control testing, reducing manual toil and increasing the reliability of our compliance program.
Serve as the subject matter expert on our control environment, assisting the sales team with security questionnaires and providing assurance to customers.
Required Qualifications
5 years of experience with a strong focus on IT audit and assurance.
Proven experience leading multiple SOC 2 and ISO engagements, with a deep understanding of the Security, Availability, Integrity, and Confidentiality Trust Services Criteria.
Deep expertise in testing and implementing IT General Controls (ITGC) across various technology environments (AWS, Azure, GCP).
A Bachelor of Engineering (BE) or similar technical degree.
Preferred Qualifications
A professional certification such as CISA, CISSP, etc.
Hands-on experience with cloud-specific standards like ISO 27017/27018.
Experience conducting BCP/DR tests and assessments.
Experience in highly regulated environments (e.g., financial services, insurance).