
Practice Lead – GRC Assurance
Posted May 20
This is a fully remote position, open to applicants in India.
• Develop the function.
  - Create a delivery operating model that includes intake, scoping, SOWs, QA, SLAs, change control, and reporting.
  - Build reusable intellectual property such as templates, playbooks, mapping libraries, workshop agendas, and QA rubrics.
  - Recruit and lead a team of specialists, establishing service-line pods over time.
  - Deliver and expand service lines in phases:
    - Phase 1: Digitization of frameworks and control/check mapping within Sprinto.
    - Phase 2: Develop packaged services for risk assessment, privacy (DPIA), policy review, internal audits, and audit readiness support.
    - Phase 3: Scale into security assurance programs and partner-led offerings (e.g., VAPT program management, vendor governance, QA, and customer outcomes).
• Take ownership of commercial outcomes.
  - Define service packaging and pricing models, including fixed-fee tiers and relevant retainer options.
  - Manage utilization, margins, capacity planning, delivery forecasting, and predictable throughput.
  - Collaborate with Sales, SE, and CS to appropriately attach services and enhance enterprise deal conversion and retention.
• Innovate AI-enabled service productization.
  - Create “AI-assisted playbooks” for repeatable services (DPIA, risk assessment, policy review, internal audit checklists).
  - Develop structured input forms and checklists for juniors to ensure consistent output.
  - Establish QA guardrails, including mandatory source inputs, validation steps, and human approval gates.
  - Maintain an internal library of prompts and templates, continuously improving them based on audit and customer feedback.
• Ensure quality and manage risk.
  - Set acceptance criteria and review mechanisms for deliverables.
  - Define boundaries and disclaimers to mitigate uncontrolled liability.
  - Develop partner qualification standards and a QA framework for services delivered by third parties.
• 8–10+ years of experience in GRC/security consulting, audit/advisory, or building managed compliance programs.
• Proven track record in building and scaling a services practice or delivery organization from inception to repeatable processes.
• Strong experience with enterprise clients and multi-stakeholder delivery.
• Knowledge of ISO 27001, SOC 2, GDPR, with significant risk assessment experience.
• Hands-on experience with privacy assessments (DPIA).
• Familiarity with complex frameworks such as FedRAMP, HITRUST, the NIST family, and regional regulations.
• Demonstrated capability in utilizing AI tools (e.g., ChatGPT-style workflows) to minimize manual effort and standardize deliverables.
• Ability to convert domain expertise into reusable templates and guided systems.
• Strong judgment regarding accuracy, confidentiality, and review requirements.
• Proficient in productizing services, including packages, deliverables, QA, and SLAs.
• Strong commercial acumen: pricing, margins, and capacity planning.
• Excellent written communication skills and workshop facilitation abilities.
• Strong decision-making skills in ambiguous situations, without allowing scope creep.
• Prior leadership experience in multi-service GRC offerings (risk, privacy, internal audits, readiness).
• Experience in auditing and implementing GRC frameworks.
• Certifications (preferable): ISO 27001 LA/LI, CISA, CISM, CISSP, or PCI QSA.
• Work wherever you are: We’re 100% remote, allowing you to choose your workspace—be it home, a café, the hills, or the beach.
• Co-working on the house: If co-working suits you, we provide a generous annual allowance of up to INR 14,000* for social working.
• We care about your learning: We are committed to your growth, providing USD 1000 annually to help you enhance your skills.
• We value your time: We care about you as a person, not just as an employee, offering unlimited leave for when you need a reset.
• Your safety net, woven in: We cover the what-ifs, offering health insurance with coverage up to INR 10 lakh for you and your family, along with an additional INR 10 lakh for accident protection and life insurance worth 3× your annual salary, ensuring you and your family are protected so you can thrive.
• Workspace setup of your dreams: Work from anywhere; if that’s home, we’ll contribute INR 35,000 to help you create a workspace that enhances your workflow.