Lead - GRC & Compliance Excellence

Alappuzha, Kerala, India

Full-time

Posted on: a day ago

Company Description

Zeapl.ai is an enterprise loyalty and communication engagement platform trusted by marquee brands in India and international markets.

Role Description

As a SOC 2 and ISO 27001 certified SaaS company, we are seeking a GRC & Compliance Excellence Lead to strengthen, operationalize, and continuously enhance our governance, risk, and compliance framework.

This role is critical in ensuring that:

· Compliance is embedded into day-to-day workflows, not treated as a periodic activity

· Processes are consistently followed, measurable, and audit-ready

· The organization operates in a state of continuous audit readiness, not reactive compliance

The ideal candidate will bring strong hands-on audit ownership, process enforcement capability, and cross-functional execution experience.

Key Responsibilities

Compliance & Audit Management (Core Focus)

· Own and manage SOC 2 Type II and ISO 27001 surveillance audits

· Act as the primary single point of contact (SPOC) for auditors (internal and external)

· Manage audit artifacts, evidence, and documentation

· Ensure continuous monitoring of control effectiveness

· Coordinate with client GRC / InfoSec teams for compliance reviews and approvals

· Lead client-facing GRC discussions, including presenting audit logs and compliance posture

Process Governance & Enforcement

· Review and strengthen existing SOPs and control frameworks

· Ensure adherence to defined processes across teams

· Introduce checkpoints, approvals, and governance mechanisms

· Identify and eliminate process gaps and bypass scenarios

Internal Audit & Continuous Monitoring

· Conduct quarterly internal audits and control testing

· Identify:

o Control failures

o Process deviations

o Risk exposure

· Drive timely closure of audit findings and observations

Risk & Incident Management

· Maintain and update the organizational risk register

· Track and manage:

· Data/security incidents

· Process failures

· Drive root cause analysis (RCA) and corrective/preventive actions

Access, Change & Control Reviews

· Conduct and monitor:

· Access management audits

· Change management reviews

· Control validations across systems and workflows

Business Process Maturity

· Improve and standardize processes across:

· Customer onboarding

· Data handling lifecycle

· Payment and finance workflows

· Access control and provisioning

· Drive automation of controls and audit evidence collection wherever feasible

Cross-functional Collaboration

· Work closely with:

· Engineering (access, infra, and security controls)

· Product (process and data handling alignment)

· HR (employee lifecycle controls)

· Finance (revenue and payment controls)

· Sales (contractual compliance)

· Conduct periodic training and awareness programs

Vendor & Third-Party Risk

· Manage vendor risk assessments and onboarding due diligence

· Ensure third-party compliance alignment with internal standards

Qualification & Experience

· 5–9 years of experience in GRC within SaaS, fintech, or IT environments

· Proven ownership of:

o SOC 2 and/or ISO 27001 audits (post-certification phase)

o Internal audits and control testing

· Demonstrated ability in:

o Enforcing controls and ensuring adherence across teams

o Implementing processes in live business environments

· Strong experience in:

o Policy and SOP design with practical implementation

o Risk assessment, mitigation planning, and incident management

· Experience with data privacy regulations (e.g., DPDP, GDPR) is preferable

· Understanding of product, application, or infrastructure audits

· Exposure to:

o Log monitoring, audit trails, and control validation mechanisms

o Access management and system-level controls

· Bachelor’s or Master’s degree in Business, Information Systems, or a related field

· Familiarity with:

o GRC / audit management tools

o Ticketing systems (e.g., Jira)

o Documentation platforms

· Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, ISO 31000 are preferred