Job Title:
Lead - GRC & Compliance Excellence
Company: zeapl.ai
Location: Vellore, Tamil Nadu
Created: 2026-04-24
Job Type: Full Time
Job Description:
Company Description

Zeapl.ai is an enterprise loyalty & communication engagement platform trusted by marquee brands in India and international markets.

Role Description

As a SOC 2 and ISO-certified SaaS company, we are seeking a GRC & Compliance Excellence Lead to strengthen, operationalize, and continuously enhance our governance, risk, and compliance framework.

This role is critical in ensuring that:
· Compliance is embedded into day-to-day workflows, not treated as a periodic activity
· Processes are consistently followed, measurable, and audit-ready
· The organization operates in a state of continuous audit readiness, not reactive compliance

The ideal candidate will bring strong hands-on audit ownership, process enforcement capability, and cross-functional execution experience. This is an individual contributor role.

Key Responsibilities

Compliance & Audit Management (Core Focus)
· Own and manage SOC 2 Type II and ISO 27001 surveillance audits
· Act as the primary SPOC for auditors (internal & external)
· Manage audit artifacts, evidence, and documentation
· Ensure continuous monitoring of control effectiveness
· Coordinate with client GRC / InfoSec teams for compliance reviews and approvals
· Lead client-facing GRC discussions, including presenting audit logs and compliance posture

Process Governance & Enforcement
· Review and strengthen existing SOPs and control frameworks
· Ensure adherence to defined processes across teams
· Introduce checkpoints, approvals, and governance mechanisms
· Identify and eliminate process gaps and bypass scenarios

Internal Audit & Continuous Monitoring
· Conduct quarterly internal audits and control testing
· Identify:
  o Control failures
  o Process deviations
  o Risk exposure
· Drive timely closure of audit findings and observations

Risk & Incident Management
· Maintain and update the organizational risk register
· Track and manage: data/security incidents, process failures
· Drive root cause analysis (RCA) and corrective/preventive actions

Access, Change & Control Reviews
· Conduct and monitor:
  o Access management audits
  o Change management reviews
  o Control validations across systems and workflows

Business Process Maturity
· Improve and standardize processes across:
  o Customer onboarding
  o Data handling lifecycle
  o Payment and finance workflows
  o Access control and provisioning
· Drive automation of controls and audit evidence collection wherever feasible

Vendor & Third-Party Risk
· Manage vendor risk assessments and onboarding due diligence as and when needed
· Ensure third-party compliance alignment with internal standards

Qualification & Experience
· 3-6 years of experience in GRC within SaaS, fintech, or IT environments
· Proven ownership of:
  o SOC 2 and/or ISO 27001 audits
  o Internal audits and control testing
· Demonstrated ability in:
  o Enforcing controls and ensuring adherence across teams
  o Implementing processes in live business environments
· Strong experience in:
  o Policy and SOP design with practical implementation
  o Risk assessment, mitigation planning, and incident management
· Experience with data privacy regulations (e.g., DPDP, GDPR) is preferable
· Understanding of product, application, or infrastructure audits
· Exposure to:
  o Log monitoring, audit trails, and control validation mechanisms
  o Access management and system-level controls
· Bachelor's or Master's degree in Security, Information Systems, or a related field
· Familiarity with:
  o GRC / audit management tools
  o Ticketing systems (e.g., Jira)
  o Documentation platforms
· Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, SOC 2