GRC Lead

We are seeking a mid- to senior-level Governance, Risk & Compliance (GRC) professional to own and evolve our security compliance program. This role is responsible for managing our security-related RFP and questionnaire processes and leading the preparation and execution of all audits tied to our compliance certifications (including SOC 2 Type II, ISO27001, and others).
This is a high-impact role that partners closely with Security, Engineering, Legal, Sales, and Customer Success to ensure we consistently meet our customers' expectations and our regulatory obligations.
Responsibilities:
Compliance Management

• Lead external audit engagements for SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, and CSA STAR.
• Own the relationship with external auditors and certification bodies.
• Develop and drive Swimlane's compliance maturity roadmap, including future programs such as FedRAMP, CMMC, the EU AI Act, IRAP, and additional emerging frameworks.
• Monitor evolving regulations, industry standards, and global compliance requirements impacting security, privacy, and AI governance.

Governance & Policy Management

• Develop, maintain, and continuously improve policies, procedures, and plans within Swimlane's integrated management system (security, privacy, and AI governance).
• Coordinate annual policy and documentation reviews in alignment with audit schedules and certification timelines.
• Assign and reinforce control ownership across business units, ensuring accountability and operational alignment.
• Provide guidance to teams to ensure organizational processes and business objectives remain compliant with policies and regulatory expectations.
• Define and track key GRC metrics (KPIs/KRIs), such as policy exceptions, risk register health, audit status, and control performance.
  

Risk Management

• Oversee the annual risk assessment and risk treatment planning aligned to ISO 27001, ISO 27701, and ISO 42001 requirements.
• Conduct targeted risk assessments and gap analyses to support strategic initiatives and emerging risks.
• Drive continuous improvement of enterprise risk processes and alignment of risk
  ownership across all departments.
• Collaborate closely with Engineering and Product teams to embed risk management
  into roadmaps and development processes.
  

Internal Audit Program

• Lead full lifecycle internal audit engagements (planning, execution, reporting, and remediation).
  Manage internal audits required for certification under ISO 27001, ISO 27701, and ISO 42001.
• Implement and configure automation solutions for continuous control monitoring in partnership with GRC engineering resources.

Third-Party Risk Management

• Conduct risk assessments and due diligence for all new vendors and technology partners.
• Maintain a complete and up-to-date third-party inventory and oversee ongoing monitoring activities.
• Ensure third-party risk practices align with Swimlane's broader compliance obligations.

Trust & Customer Assurance

• Own and maintain the company's external Trust Center, ensuring accurate and up- to-date documentation.
• Lead the completion of customer security questionnaires, RFPs, and all due diligence processes.
• Curate, organize, and maintain a repository of GRC documentation for external stakeholders (prospects, customers, partners, auditors).
  Serve as the primary SME for GRC topics, requiring strong familiarity with security architecture, engineering controls, and AI-related governance.
  

Business Continuity & Disaster Recovery

• Facilitate annual updates to the Business Continuity (BC) and Disaster Recovery (DR) plans.
• Coordinate BC/DR tabletop exercises and ensure alignment to audit and certification requirements.
• Support validation of cloud service availability, backup restoration, resiliency processes, and incident response playbooks.

Security Awareness & Training

• Deliver and track company-wide security awareness training.
• Develop role-specific training programs, including secure development, data protection, and acceptable use of AI technologies, aligned with compliance mandates.

Minimum Qualifications:

• 10+ years of experience in GRC, security compliance, risk management, or a related discipline.
• Hands-on experience managing SOC 2, ISO 27001, or similar security frameworks and audits.
• Strong understanding of security controls, compliance requirements, and industry best practices.
• Experience managing security questionnaires, RFP/RFI responses, or customer security due diligence processes.
• Excellent project management and organizational skills; ability to prioritize and manage multiple concurrent requests.
• Strong communication skills and comfort working with both internal stakeholders and external auditors.
• Familiarity with compliance or RFP tools is a plus.

Location: This role is based in India, and candidates must be current residents of India before applying to be considered.

Who we are, and what we offer:
Swimlane is a rapidly growing, innovative startup that provides cloud-scale, low-code security automation for organizations of all industries and sizes. Our technology is relied upon by major security-forward companies around the globe, and we are consistently rated as the #1 trusted low-code security automation platform. Our mission is to prevent breaches and enable continuous compliance via a low-code security automation platform that serves as the system of record for the entire security organization.

The Perks of Being a Swimlaner:

• Competitive Benefits & Compensation
• Stock Options
• Training & Professional Development Opportunities
  
• MacBook Pro
• Great Company Culture
• We value collaboration and innovation
• Give-back Volunteering Opportunities

Here at Swimlane, our core focus is to Automate the World of Security and we strive to represent our five core values in everything we do:

• Punch above your weight class - We make the most of our circumstances and constantly surprise and impress with our ability to deliver.
• Be a happy innovator - The hard problems are the fun problems to solve, we're excited to take on difficult challenges and find creative solutions.
• Always be leveling up - We are continuously improving, embracing change, and consuming information to better ourselves and each other.
• Move at the speed of WOW - We work with an extreme sense of urgency, but we never compromise quality.
• Have honesty and integrity in 'all the things' - We make decisions with the best of intentions, doing what is right for as many stakeholders as possible.

To complete your application, please submit your resume to