About Us
Exotel is the emerging markets' leading full-stack customer engagement platform and business-focused virtual telecom operator. Incorporated in 2011, Exotel's cloud-based product suite powers 50 million daily engagements across voice, video, and messaging channels. Exotel powers unified customer engagement to over 6000 companies in 60 countries, including India, Southeast Asia, the Middle East, and Africa. Today, some of the fastest-growing companies in the emerging markets (Ola, Swiggy, Flipkart, GoJek, Byju's, Urban Company, HDFC Bank, Zomato, Oyo, etc.) manage their customer engagement with Exotel's suite of communication APIs, Ameyo's omnichannel contact centre (merger), and Cogno AI's conversational AI platform (acquisition) over the cloud. They're a $100 million Series D-funded company with $60 million in ARR.
Job overview :
The Exotel GRC team drives risk management and compliance within the organisation, supporting Exotel and its product portfolio.
We are looking for a GRC Manager with experience in compliance and security to help protect and enable Exotel products and services. The GRC team works as a line of defence through periodic audits against all the control owners, the platform team, the Security team, and the Engineering stakeholders.
Key responsibilities :
Customer Trust Assurance Leadership :
Develop and execute the strategy for Customer Trust Assurance, ensuring our security and compliance posture consistently meets and exceeds the expectations of a sophisticated client base, especially BFSI institutions.
Serve as the primary customer-facing security and compliance expert, engaging directly with clients' security, audit, and procurement teams to present our controls, address concerns, and foster long-term trust.
Maintain and continuously update a comprehensive Trust Portal or similar resource containing all relevant compliance documentation, certifications, and security white papers for client consumption.
Client Audit Management & Facilitation :
Lead, coordinate, and manage all client-initiated audits, reviews, and due diligence activities, specifically focusing on BFSI clients' stringent regulatory requirements.
Own the end-to-end audit lifecycle, including scoping, internal readiness reviews, direct client communication, on-site / virtual facilitation, artifact gathering, and managing post-audit remediation plans.
Translate complex client-specific audit requirements (e.g. related to GDPR, CCPA, ISO 27001, SOC 2, and BFSI regulations) into actionable tasks for internal security and engineering teams.
Risk Management :
Conduct risk assessments and identify, analyse, and evaluate potential risks across all areas of the business.
Develop and maintain a comprehensive risk register, including risk assessments, mitigation plans, and key risk indicators (KRIs).
Monitor and report on key risks and emerging threats.
Assist in the development and implementation of risk mitigation strategies and controls.
Coordinate with teams on the implementation of risk management strategies aligned with stakeholders.
Compliance :
Ensure compliance with all applicable laws and regulations (e.g. data privacy laws, industry-specific regulations, cybersecurity frameworks like NIST CSF 2.0, ISO 27001:2022).
Conduct internal audits and compliance reviews to identify and address any gaps.
Manage regulatory reporting requirements and ensure timely submission of all necessary filings.
Advise on and implement best practices for compliance with relevant standards (e.g. ISO 27001, SOC 2, Data Privacy).
Governance :
Assist in the development and implementation of internal policies and procedures related to governance, risk, and compliance.
Contribute to the development and maintenance of a strong control environment.
Support the development and implementation of a robust ethics and compliance program.
Stakeholder Management :
Collaborate with business units, IT, legal, and other stakeholders to identify and address risk and compliance issues.
Communicate effectively with all levels of management on risk and compliance matters.
Build and maintain strong relationships with internal and external auditors.
Work under the CISO and facilitate audits such as ISO 27001 audits, and drive findings closure by following up with the respective teams.
Identify stakeholders and their roles, keep them informed of project progress, address their concerns, and implement their feedback.
Work with team members and stakeholders to understand and identify work challenges and program goals, obtain prioritized deliverables, and discuss program impacts.
Continuous Improvement :
Stay abreast of evolving regulatory requirements, industry best practices, and emerging threats.
Continuously evaluate and improve the organisation's GRC framework and processes.
Proactively identify and implement new GRC initiatives.
Qualifications & skills required :
Good to have :
Required Experience :
Manager
Key Skills
Arm, Risk Management, Financial Services, Cybersecurity, COSO, PCI, Root cause Analysis, COBIT, NIST Standards, SOX, Information Security, RMF
Employment Type : Full-Time
Experience : years
Vacancy : 1
Compliance • Bengaluru, Karnataka, India