Blue Machines AI

Senior Compliance Engineer (GRC)

TLDR

Lead compliance initiatives and audits while ensuring alignment with regulatory and business requirements, promoting a strong compliance culture across the organization.

Job Title: Senior Compliance Engineer (GRC)

Location: Bangalore

Experience: 8–12 years

Role Overview

We are looking for a Senior Compliance Engineer to lead and drive end-to-end GRC initiatives across the organization, including audits, client assurance and continuous control monitoring.

This role will be responsible for the design, implementation and continuous improvement of compliance frameworks, ensuring alignment with regulatory, security and business requirements.

The ideal candidate will combine strong GRC leadership, hands-on execution and client-facing security engagement to keep the organization continuously audit-ready while enabling business growth through a strong compliance posture.

Key Responsibilities:

1. Compliance Ownership

  • Lead end-to-end compliance initiatives across frameworks such as:
    • ISO 27001, ISO 27701, ISO 42001
    • SOC 2 Type II
    • GDPR, HIPAA and other applicable regulations
  • Define and execute the compliance roadmap aligned with business and regulatory needs
  • Ensure continuous compliance through proactive monitoring and governance

2. Client Assurance & Security Engagement

  • Own and manage client security questionnaires, due diligence activities, and compliance assessments
  • Lead client infosec discussions and effectively represent the organization’s security and compliance posture
  • Drive timely closure of security and compliance requirements during client onboarding and renewal processes
  • Partner closely with Sales, Legal, Product, Engineering, and Customer Success teams to accelerate and unblock client infosec and compliance requirements

3. Audit & Control Validation

  • Lead and manage all internal and external audits end-to-end, including audit planning, readiness assessments, execution, evidence collection, control validation, gap analysis, and remediation tracking
  • Identify compliance gaps, drive remediation and ensure timely closure of audit findings
  • Collaborate with Product, Engineering, auditors, certification bodies and internal stakeholders to maintain compliance and strengthen control effectiveness

4. Cloud & Infrastructure Compliance

  • Ensure compliance across cloud environments (AWS/Azure/GCP)
  • Implement and validate controls across IAM, logging, encryption, network security and endpoint security
  • Partner with engineering teams to embed compliance checks into infrastructure and CI/CD pipelines

5. Automation & Tooling

  • Drive automation of compliance processes and evidence collection
  • Implement and manage GRC tools and integrations (e.g., Drata, Vanta, Sprinto, or similar)
  • Build dashboards for real-time compliance visibility and reporting

6. Policy, Process & Governance

  • Develop, implement and maintain security policies, standards and procedures
  • Ensure all compliance documentation is up-to-date with no gaps
  • Build and manage control frameworks, risk registers and compliance matrices

7. Vendor & Third-Party Risk Management

  • Manage end-to-end vendor and third-party risk assessment processes
  • Evaluate vendor security posture, control effectiveness, and compliance readiness
  • Ensure third-party compliance alignment with organizational security and regulatory requirements
  • Conduct ongoing monitoring and periodic reassessment of vendors to identify and mitigate potential risks
  • Drive remediation tracking and risk closure for identified third-party security and compliance gaps

8. Awareness & Training

  • Drive organization-wide compliance awareness programs
  • Conduct training on policies, security practices, and regulatory requirements

Required Skills & Qualifications

  • 8–12 years of experience in Security, Compliance, or GRC roles
  • Proven experience managing end-to-end audits and certifications (ISO 27001/27701/42001, SOC 2 Type II, GDPR, HIPAA)
  • Strong experience in handling client security reviews and infosec discussions
  • Deep understanding of:
    • Risk management frameworks and control design
    • Cloud security (AWS/Azure/GCP)
    • Identity & Access Management, logging, encryption, endpoint security
  • Hands-on experience with GRC tools and compliance automation platforms (Drata, Vanta, Sprinto, etc.)
  • Strong stakeholder management and communication skills

Good to Have

  • Certifications:
    • CISA, CISM, CISSP, ISO 27001 Lead Auditor/Implementer
  • Experience in fintech or regulated environments
  • Exposure to global and regional regulatory requirements

Blue Machines AI builds a robust Voice AI platform tailored for enterprises, enabling businesses to automate interactions while maintaining context and compliance. We cater to a range of industries, helping clients like airlines and banks seamlessly transition from AI-driven support to human agents, ensuring a smooth customer experience.

Founded: 2019
Industry: Internet Software & Services