GRC & Compliance Executive (ISO 27001 / SOC 2 / HIPAA)

17 hours ago


Pune, India · AutomationEdge · Full time

We're seeking a hands-on GRC & Compliance leader to own our end-to-end program across ISO 27001:2022, SOC 2 Type II, HIPAA, and India's DPDP Act 2023. You will run the ISMS, manage external audits, face auditors and customers, complete security questionnaires, and keep our multi-tenant healthcare SaaS (primarily AWS) continuously audit-ready. This role is highly cross-functional with IT, DevOps/SRE, Data, Legal, HR, and Sales.

Responsibilities

Own the ISMS & SOC 2 program

  • Maintain a control framework mapped to ISO 27001 Annex A and the SOC 2 TSC; align with HIPAA (Security/Privacy) and the DPDP Act.
  • Plan and drive ISO (Stage 1/2, surveillance) and SOC 2 (readiness, Type I/II) cycles; manage PBC lists, walkthroughs, findings, and closures.

Customer trust & questionnaires

  • Lead responses for CAIQ, SIG, VSAQ, RFP security sections, due-diligence calls, and security addenda; maintain a reusable response library and evidence pack.

Policy, documentation & evidence

  • Draft and version policies, SOPs, and runbooks (Access, Asset, Logging/Monitoring, Vulnerability, Patch, IR, BCP/DR, Vendor Risk, SDLC/Change, DLP).
  • Operationalize recurring evidence collection with automation where possible; maintain an auditable repository (Confluence/SharePoint + Jira).

Risk management

  • Run periodic risk assessments (ISO 27005/NIST), maintain a risk register, drive treatment plans, and report risk posture and KPIs to leadership.

Security control operations (cloud-first)

  • Partner with DevOps/SRE on AWS controls: IAM, KMS, CloudTrail, Config, GuardDuty, Security Hub, VPC segmentation, and Backup/DR (RDS/S3/EBS).
  • Oversee vulnerability management (e.g., Tenable/Qualys/Nessus), EDR (e.g., Sophos), patch management, and change management/CAB.

Incident readiness & privacy

  • Maintain Incident Response playbooks, on-call coordination, and post-incident RCAs. Support HIPAA safeguards and DPDP requirements, including DPIAs/ROPA as needed.

Vendor/Third-Party Risk

  • Run TPRM (due diligence, DPAs/BAAs, ongoing monitoring) with Legal/Procurement; ensure critical vendors meet our control bar before go-live.

Awareness & drills

  • Drive security awareness training, phishing simulations, and BCP/DR tabletop and failover drills with measurable outcomes.

Tooling & automation

  • Administer GRC platforms (Drata/Vanta/Sprinto/OneTrust/Secureframe), integrate them with Jira/Confluence/Slack/ServiceNow, and build dashboards for execs.

Qualifications

Candidates should have 2-3+ years in GRC/compliance for SaaS/cloud, with successful ISO 27001 certifications and SOC 2 Type II audits.

Pune, Maharashtra, India · AutomationEdge · Full time · ₹ 9,00,000 - ₹ 12,00,000 per year