Senior Compliance Engineer (GRC)
On-site · Bengaluru, Karnataka, India
Job Summary
Lead end-to-end GRC initiatives across ISO, SOC 2 Type II, GDPR/HIPAA and related frameworks (ISO 27001/27701/42001) including audits, client assurance, and continuous control monitoring. Design, implement, and continuously improve compliance programs across cloud environments, embedding controls (IAM, encryption, network/endpoint security) into infrastructure and CI/CD. Manage client security questionnaires, due diligence, and post-onboarding/renewal requirements; drive remediation of audit findings; collaborate with Sales, Legal, Product, Engineering, and Customer Success to meet regulatory and security needs. Own audit planning and execution, governance, policy development, risk registers, and third-party risk management; lead awareness training and adopt GRC tooling (Drata, Vanta, Sprinto) to provide real-time visibility and reporting.
Required Qualifications
- 8–12+ years of experience in Security, Compliance, or GRC roles
- Proven experience managing end-to-end audits (ISO 27001/27701/42001, SOC 2 Type II, GDPR, HIPAA)
- Strong experience in handling client security reviews and infosec discussions
- Hands-on experience with GRC tools and compliance automation platforms
- Familiarity with risk management and control frameworks
- Strong stakeholder management and communication skills
- Experience in fintech or regulated environments