
Principal InfoSec GRC Specialist – Contract / Permanent
Posted May 20
This is a fully remote position, open to applicants in India.
• Implement ‘Security by design’ principles throughout product development processes.
• Oversee the GRC program, establishing a roadmap for maturity in governance, risk management, and compliance efforts.
• Direct, manage, and enhance the organization's Information Security Management System, addressing risk treatment, internal audits, and preparing for external certification audits.
• Act as the subject matter expert for critical compliance frameworks, particularly FedRAMP, while maintaining advanced oversight of HIPAA and the ISO 27001 series (including 27017/27018 for cloud security).
• Guide the creation and updates of enterprise-level security policies, standards, and control frameworks to ensure alignment with regulatory requirements and business goals.
• Manage GRC initiatives with an emphasis on efficient implementation, utilizing automation to streamline activities.
• Lead FedRAMP authorization processes (e.g., Readiness, Assessment, and Continuous Monitoring), coordinating efforts with the 3PAO (Third-Party Assessment Organization) and relevant government entities.
• Offer solution-oriented technical advice to Cloud Engineering, Security Operations, DevOps, and Product teams regarding the architecture, implementation, and documentation of controls necessary for FedRAMP, HIPAA, and ISO 27001 within cloud environments (AWS, Azure, or GCP).
• Conduct and oversee intricate, high-impact risk assessments (e.g., BIA, PIA, Data Flow Mapping) and manage residual risk across the organization, escalating critical risks to senior management.
• Handle high-level customer and partner due diligence inquiries and contract evaluations related to security and compliance.
• Serve as the main InfoSec GRC liaison and subject matter expert, collaborating effectively with internal stakeholders, including Legal, Internal Audit, Product Management, and Tech Leadership.
• Convert complex technical security and compliance requirements into clear, actionable, risk-informed recommendations.
• Lead cross-functional remediation initiatives, adopting a solution-oriented approach to assist technical teams in designing practical and compliant control implementations rather than merely identifying gaps.
• Mentor and guide junior GRC team members, fostering the development of internal capabilities.
• At least 12 years of significant experience in Cloud Security and GRC.
• Proven ability to achieve and maintain FedRAMP (moderate or high) compliance, with a deep understanding of NIST SP 800-53 controls.
• Expert-level practical knowledge of HIPAA, SOC, and FedRAMP controls.
• Extensive technical expertise in Cloud Service Provider (CSP) security models and compliance controls within complex cloud architectures.
• Education: Bachelor's or Master's degree in Information Security, IT, Computer Science, or a related technical discipline.
• Certifications (must possess one or more of the following):
  • CISSP (Certified Information Systems Security Professional).
  • FedRAMP-specific certifications (e.g., C3PAO Assessor training or substantial practical experience).
  • Cloud Security certification such as CCSP (Certified Cloud Security Professional) or CCSK.
• Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
• Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
• Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
• Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
• Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
• & Many More...