12h ago

Staff GRC Engineer - Audits & Compliance

Bengaluru

✨ $225k-$275k / year (est.)

full-time · lead · software

💼 About This Role

You'll own the external audit lifecycle for SOC 2, PCI DSS, ISO 27001, HITRUST, and HIPAA, ensuring Observe.AI maintains industry-leading compliance. Reporting to the Head of Information Security, you'll build the compliance program from the ground up.

🎯 What You'll Do

  • Own end-to-end external audits for SOC 2, PCI DSS, ISO 27001, HITRUST, HIPAA, GDPR/CCPA
  • Manage audit schedules, evidence requests, and auditor communications
  • Coordinate internal stakeholders to gather timely audit evidence
  • Drive remediation plans and track audit status to closure

📋 Requirements

  • 9+ years in GRC or information security compliance
  • 3+ years directly managing external audits
  • Hands-on experience with SOC 2 Type II, PCI DSS, ISO 27001, HITRUST audits
  • Deep knowledge of control frameworks (NIST CSF, CIS Controls, ISO 27001 Annex A)

✨ Nice to Have

  • Experience at a SaaS product company processing sensitive customer data
  • Proficiency with GRC automation platforms (Vanta, Drata, OneTrust)
  • Relevant certifications: CISA, CISSP, CISM, CRISC

🎁 Benefits & Perks

  • 🏥 Excellent medical insurance and free online doctor consultations
  • 📚 Learning & Development fund to support your career growth
  • 🎉 Generous holidays, privilege and sick leaves as per Karnataka Act
  • 👶 Parental leave and recognition policies

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

  1. Recruiter Screen · 30 min
  2. Technical Interview · 60 min
  3. Hiring Manager Interview · 45 min