Senior GRC Manager

What You’ll Do

• Be the primary point of contact for all things GRC for our Puna, India office acting as an internal resource for compliance-related questions and initiatives.

• Support implementation of FloQast's internal controls inventory as new controls are added and existing controls are changed 

• Build upon the controls inventory to ensure control owners, testing procedures, related policies, and other pertinent information is accurately documented and kept up to date for the Pune office.

• Work with control owners in Pune to ensure process narratives are documented and updated annually for all controls

• Initiate, monitor, and follow up on monthly and quarterly control activities to ensure they are completed on time and proper evidence is documented to meet audit requirements.

• Serve as a trusted advisor and advocate for security and compliance, engaging with teams across the company to foster a strong risk-aware culture.

• Facilitate the development and maintenance of policies, standards, processes, and guidelines by drafting the documentation update, gathering the appropriate approvals, and reporting on all changes in policy review meetings. 

• Support annual internal and external ISO 27001, ISO 27701, ISO 42001 SOC 1, SOC 2, and other similar audits by scheduling audit interviews, submitting evidence requests to control owners, following up as needed to obtain evidence on time, reviewing evidence provided for accuracy, and facilitating follow up requests as needed to ensure our audits remain on schedule. 

• Aggregate identified internal control issues and perform a root cause analysis and collaborate on remediation efforts

• Be an advocate for compliance best practices and the point of contact for stakeholders from departments throughout the company

• Support customer assurance activities, including completion of security questionnaires and participation in customer discussions.

• Participate in and contribute to cross-functional project teams

• Any other tasks that may be assigned to help the company meet its goals

What You’ll Bring

• 4+ years of relevant experience 

• Knowledge and familiarity with at least one security, privacy, and compliance practices (SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 42001, PCI, HIPAA, etc)

• Understanding of information security and privacy fundamentals

• Certification preferred in one of the following: CompTIA, CISSP, CISA, CISM, Cloud platforms such as AWS, Azure or GCP 

• Confidence and willingness to ask questions, raise issues, and concerns in a timely manner

• Understanding of AI governance or leveraging AI tools to improve compliance and audit efficiency

Nice To Haves/Other

• Familiarity with NIST, CIS, and other information security frameworks is a bonus but not required

• Experience working for a software development company is a bonus but not required

• Highly collaborative, detail-oriented, intellectually curious, with strong organizational skills and an authentically friendly demeanor  

• Builder mindset, comfortable sharing ideas, trying new approaches and is focused on achieving team and company short and long term goals 

• Flexible and adaptable in high growth, start-up environment