Lead - GRC & Compliance Excellence

zeapl.ai
location

india, West Bengal, Kolkata

Full–time

inr null - null /undefined

Company Description Zeapl.ai is an enterprise loyalty & communication engagement platform trusted by marquee brands in India and International markets. Role Description As a SOC 2 and ISO-certified SaaS company, we are seeking a GRC & Compliance Excellence Lead to strengthen, operationalize, and continuously enhance our governance, risk, and compliance framework. This role is critical in ensuring that: · Compliance is embedded into day-to-day workflows, not treated as a periodic activity · Processes are consistently followed, measurable, and audit-ready · The organization operates in a state of continuous audit readiness, not reactive compliance The ideal candidate will bring strong hands-on audit ownership, process enforcement capability, and cross-functional execution experience. Key Responsibilities Compliance & Audit Management (Core Focus) · Own and manage SOC 2 Type II and ISO 27001 surveillance audits · Act as the primary SPOC for auditors (internal & external) · Manage audit artifacts, evidence, and documentation · Ensure continuous monitoring of control effectiveness · Coordinate with client GRC / InfoSec teams for compliance reviews and approvals · Lead client-facing GRC discussions, including presenting audit logs and compliance posture Process Governance & Enforcement · Review and strengthen existing SOPs and control frameworks · Ensure adherence to defined processes across teams · Introduce checkpoints, approvals, and governance mechanisms · Identify and eliminate process gaps and bypass scenarios Internal Audit & Continuous Monitoring · Conduct quarterly internal audits and control testing · Identify: o Control failures o Process deviations o Risk exposure o Drive timely closure of audit findings and observations Risk & Incident Management · Maintain and update the organizational risk register · Track and manage: · Data/security incidents · Process failures · Drive root cause analysis (RCA) and corrective/preventive actions Access, Change & Control Reviews · Conduct and monitor: · Access management audits · Change management reviews · Control validations across systems and workflows Business Process Maturity · Improve and standardize processes across: · Customer onboarding · Data handling lifecycle · Payment and finance workflows · Access control and provisioning · Drive automation of controls and audit evidence collection wherever feasible Cross-functional Collaboration · Work closely with: · Engineering (access, infra, and security controls) · Product (process and data handling alignment) · HR (employee lifecycle controls) · Finance (revenue and payment controls) · Sales (contractual compliance) · Conduct periodic training and awareness programs Vendor & Third-Party Risk · Manage vendor risk assessments and onboarding due diligence · Ensure third-party compliance alignment with internal standards Qualification & Experience · 5–9 years of experience in GRC within SaaS, fintech, or IT environments · Proven ownership of: o SOC 2 and/or ISO 27001 audits (post-certification phase) o Internal audits and control testing · Demonstrated ability in: o Enforcing controls and ensuring adherence across teams o Implementing processes in live business environments · Strong experience in: o Policy and SOP design with practical implementation o Risk assessment, mitigation planning, and incident management · Experience with data privacy regulations (e.g., DPDP, GDPR), is preferable · Understanding of product, application, or infrastructure audits · Exposure to: o Log monitoring, audit trails, and control validation mechanisms o Access management and system-level controls · Bachelor’s or Master’s degree in Business, Information Systems or related field · Familiarity with: o GRC / audit management tools o Ticketing systems (e.g., Jira) o Documentation platforms · Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, ISO 31000 are preferred

0

Applicants

116

Days posted

0%

Response rate

Apply for this role

Job type Full–time
Salary
inr null - null /undefined
Experience - years