GRC & Compliance Executive (ISO 27001 / SOC 2 / HIPAA)

1 week ago


Pune, Maharashtra, India AutomationEdge Full time ₹ 9,00,000 - ₹ 12,00,000 per year

We're seeking a hands-on GRC & Compliance leader to own our end-to-end program across ISO 27001:2022, SOC 2 Type II, HIPAA, and India's DPDP Act 2023. You will run the ISMS, manage external audits, face auditors and customers, complete security questionnaires, and keep our multi-tenant healthcare SaaS (primarily AWS) continuously audit-ready. This role is highly cross-functional with IT, DevOps/SRE, Data, Legal, HR, and Sales.

Responsibilities

Own the ISMS & SOC 2 program

  • Maintain a control framework mapped to ISO 27001 Annex A and SOC 2 TSC; align with HIPAA (Security/Privacy) and the DPDP Act.
  • Plan & drive ISO (Stage 1/2, surveillance) and SOC 2 (readiness, Type I/II) cycles; manage PBC lists, walkthroughs, findings, and closures.

Customer trust & questionnaires

  • Lead responses for CAIQ, SIG, VSAQ, RFP security sections, due-diligence calls, and security addenda; maintain a reusable response library & evidence pack.

Policy, documentation & evidence

  • Draft and version policies, SOPs, runbooks (Access, Asset, Logging/Monitoring, Vulnerability, Patch, IR, BCP/DR, Vendor Risk, SDLC/Change, DLP).
  • Operationalize recurring evidence collection with automation where possible; maintain an auditable repository (Confluence/SharePoint + Jira).

Risk management

  • Run periodic risk assessments (ISO 27005/NIST), maintain a risk register, drive treatment plans, and report risk posture & KPIs to leadership.

Security control operations (cloud-first)

  • Partner with DevOps/SRE on AWS controls: IAM, KMS, CloudTrail, Config, GuardDuty, Security Hub, VPC segmentation, Backup/DR (RDS/S3/EBS).
  • Oversee vulnerability management (e.g., Tenable/Qualys/Nessus), EDR (e.g., Sophos), patch management, and change management/CAB.

Incident readiness & privacy

  • Maintain Incident Response playbooks, on-call coordination, and post-incident RCAs. Support HIPAA safeguards and DPDP requirements, including DPIAs/ROPA as needed.

Vendor/Third-Party Risk

  • Run TPRM (due diligence, DPAs/BAAs, ongoing monitoring) with Legal/Procurement; ensure critical vendors meet our control bar before go-live.

Awareness & drills

  • Drive security awareness training, phishing simulations, and BCP/DR tabletop & failover drills with measurable outcomes.

Tooling & automation

  • Administer GRC platforms (Drata/Vanta/Sprinto/OneTrust/Secureframe), integrate with Jira/Confluence/Slack/ServiceNow; build dashboards for execs.

Qualifications

Candidate with 2-3+ years in GRC/compliance for SaaS/cloud, with successful ISO 27001 certifications and SOC 2 Type II audits.
