Lead - GRC & Compliance Excellence
zeapl.ai
9 - 11 years
Noida
Posted: 21/03/2026
Job Description
Company Description
Zeapl.ai is an enterprise loyalty & communication engagement platform trusted by marquee brands in India and international markets.
Role Description
As a SOC 2 and ISO-certified SaaS company, we are seeking a GRC & Compliance Excellence Lead to strengthen, operationalize, and continuously enhance our governance, risk, and compliance framework.
This role is critical in ensuring that:
Compliance is embedded into day-to-day workflows, not treated as a periodic activity
Processes are consistently followed, measurable, and audit-ready
The organization operates in a state of continuous audit readiness, not reactive compliance
The ideal candidate will bring strong hands-on audit ownership, process enforcement capability, and cross-functional execution experience.
Key Responsibilities
Compliance & Audit Management (Core Focus)
Own and manage SOC 2 Type II and ISO 27001 surveillance audits
Act as the primary SPOC for auditors (internal & external)
Manage audit artifacts, evidence, and documentation
Ensure continuous monitoring of control effectiveness
Coordinate with client GRC / InfoSec teams for compliance reviews and approvals
Lead client-facing GRC discussions, including presenting audit logs and compliance posture
Process Governance & Enforcement
Review and strengthen existing SOPs and control frameworks
Ensure adherence to defined processes across teams
Introduce checkpoints, approvals, and governance mechanisms
Identify and eliminate process gaps and bypass scenarios
Internal Audit & Continuous Monitoring
Conduct quarterly internal audits and control testing
Identify:
Control failures
Process deviations
Risk exposure
Drive timely closure of audit findings and observations
Risk & Incident Management
Maintain and update the organizational risk register
Track and manage:
Data/security incidents
Process failures
Drive root cause analysis (RCA) and corrective/preventive actions
Access, Change & Control Reviews
Conduct and monitor:
Access management audits
Change management reviews
Control validations across systems and workflows
Business Process Maturity
Improve and standardize processes across:
Customer onboarding
Data handling lifecycle
Payment and finance workflows
Access control and provisioning
Drive automation of controls and audit evidence collection wherever feasible
Cross-functional Collaboration
Work closely with:
Engineering (access, infra, and security controls)
Product (process and data handling alignment)
HR (employee lifecycle controls)
Finance (revenue and payment controls)
Sales (contractual compliance)
Conduct periodic training and awareness programs
Vendor & Third-Party Risk
Manage vendor risk assessments and onboarding due diligence
Ensure third-party compliance alignment with internal standards
Qualification & Experience
59 years of experience in GRC within SaaS, fintech, or IT environments
Proven ownership of:
SOC 2 and/or ISO 27001 audits (post-certification phase)
Internal audits and control testing
Demonstrated ability in:
Enforcing controls and ensuring adherence across teams
Implementing processes in live business environments
Strong experience in:
Policy and SOP design with practical implementation
Risk assessment, mitigation planning, and incident management
Experience with data privacy regulations (e.g., DPDP, GDPR) is preferable
Understanding of product, application, or infrastructure audits
Exposure to:
Log monitoring, audit trails, and control validation mechanisms
Access management and system-level controls
Bachelor's or Master's degree in Business, Information Systems or related field
Familiarity with:
GRC / audit management tools
Ticketing systems (e.g., Jira)
Documentation platforms
Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, ISO 31000 are preferred
