Infosec Analyst II
ClearTax India
IT
Bengaluru, Karnataka, India
Posted on Mar 2, 2026
Job Description
Key Responsibilities
1. Compliance Operations & Audit Readiness
- Demonstrate hands-on working knowledge of at least one major security framework (ISO 27001, SOC 2, GDPR, DPDP, etc.) and the ability to learn others quickly.
- Interpret audit findings/NCs, identify compliance gaps, and drive closure independently with cross-functional teams (Infra, Engineering, Product, Legal, HR).
- Maintain continuous readiness for internal/external audits through structured evidence management, document updates, and control monitoring.
2. Risk Management & Governance
- Perform internal gap assessments, maturity assessments, and risk analyses mapping to ISO 27001/31000, NIST CSF, CIS, SOC 2, DPDP.
- Assist in building, implementing, and maintaining governance frameworks, security policies, SOPs, standards, and control libraries.
- Create impact-oriented risk dashboards, KRIs/KPIs, and compliance scorecards for leadership.
3. Security Automation & Control Monitoring
- Work with the Cyber Security Leader to automate recurring governance operations, including access reviews, evidence workflows, risk scoring, vendor assessments, and configuration audits.
- Review and monitor security configurations for tools like MDM, DLP, EDR, IAM, CIEM, SSO, etc., and ensure deviations are tracked and remediated.
- Build an AI governance layer and perform security reviews.
4. Third-Party/Vendor Risk Management
- Conduct and maintain end-to-end vendor security reviews, DPAs, privacy assessments, and risk profiles.
- Work with Procurement, Legal, and Engineering to onboard vendors and ensure contractual compliance with global standards.
5. Privacy, Global Regulations & Due-Diligence Support
- Research new privacy/security laws (DPDP, GDPR, PDPL UAE/KSA, LHDN Malaysia, EU PDP, etc.) and translate them into actionable business requirements.
- Respond to enterprise client security due-diligence questionnaires, RFPs, contractual clauses, and customer audits.
6. Awareness, Training & Culture
- Plan and deliver employee security awareness initiatives—trainings, phishing drills, campaigns, newsletters, and behavioral insights.
- Maintain documentation for incidents, BC/DR exercises, and compliance operations to support org-wide security culture.
Required Skills & Experience
- Bachelor’s/Master’s degree in Computer Science, Information Security, Engineering, or a related field.
- 3–6 years of GRC, Security Governance, Compliance, Audit, or IT Risk Management experience in a SaaS or cloud-first environment.
- Understanding of frameworks & standards: ISO 27001/31000, SOC 2, NIST CSF, CIS, COBIT, COSO.
- Good familiarity with DPDP, GDPR, CERT-In, and sector-specific regulations.
- High sense of ownership and accountability — able to independently take a task from requirement to completion without needing follow-ups.
- Strong ability to translate compliance frameworks into actionable tasks and measurable controls.
- Analytical mindset with strong documentation and problem-solving abilities.
- Excellent communication skills for dealing with auditors, enterprise customers, and internal leadership.