Security Compliance & GRC Lead

We are looking for a Security Compliance & GRC Lead to help build and operationalize our security governance function as we scale our platform and customer base.

This role sits at the intersection of security, engineering, operations, audits, and risk management. You will work closely with engineering, platform, operations, and leadership teams to establish practical and scalable security governance processes aligned with how modern cloud-native systems operate.

As we operate in the capital markets ecosystem, this role will also help ensure alignment with applicable regulatory and cybersecurity expectations, including SEBI CSCRF and other relevant regulatory/security guidelines applicable to financial market infrastructure and regulated entities.

This is an opportunity to build and shape the company’s security governance and trust function from an early-stage foundation into a mature, scalable capability. We are looking for someone with a strong builder mindset who is excited to create systems, drive operational discipline, and take ownership of security governance as the organization grows.

What You’ll Do

• Own and drive security governance, compliance, and audit readiness programs across the organization
• Manage ISO 27001/27017/27018 and other relevant certification programs, renewals, and control reviews
• Support alignment with applicable regulatory and cybersecurity requirements, including SEBI CSCRF and related capital markets security expectations
• Coordinate customer audits, regulatory reviews, security questionnaires, and evidence requests
• Build and operationalize processes around risk assessments, vendor governance, access reviews, BCP/DR governance, and policy lifecycle management
• Partner with engineering and platform teams to ensure governance processes reflect operational reality
• Maintain and improve security documentation, control mappings, evidence management, and review workflows
• Help design and build internal tooling/workflows for security governance, audit management, and trust operations
• Drive continuous improvement of organizational security maturity and operational discipline

What We’re Looking For

• 3–6 years of experience in security compliance, GRC, audit, or security operations roles
• Strong understanding of modern cloud-native environments and SaaS security practices
• Experience handling ISO 27001 audits, customer security reviews, and regulated security/compliance environments
• Familiarity with cybersecurity and governance expectations applicable to fintech or capital market participants, including SEBI-related guidelines/frameworks
• Practical understanding of access control, SDLC, cloud security, vulnerability management, backups, DR, vendor risk, and operational security controls
• Ability to work cross-functionally with engineering and operational teams
• Strong communication, documentation, and organizational skills
• Comfortable building processes and operating in a fast-moving environment with evolving structure

Nice to Have

• Experience with fintech, regulated systems, or financial infrastructure
• Familiarity with AWS/cloud-native infrastructure
• Experience with GRC platforms and control automation tools
• Interest in building internal systems and operational tooling around governance and audit workflows