Governance, Risk & Compliance (GRC) Manager

• Audit & Certification Management
• Lead SOC 2, ISO 27001, and other relevant audits.
• Coordinate with external auditors, regulators, and certification bodies.
• Maintain compliance documentation and evidence.
• Customer & Regulatory Compliance
• Respond to customer security questionnaires and due diligence requests.
• Review and support Data Protection Agreements (DPAs).
• Ensure ongoing compliance with data protection and privacy regulations.
• Governance & Policy Management
• Develop, update, and enforce information security and compliance policies.
• Drive company-wide security awareness and compliance training programs.
• Monitor adherence to internal controls and compliance frameworks.
• Risk & Fraud Management
• Conduct risk assessments across business units and products.
• Identify and mitigate fraud risks in Zenworks Payments product.
• Apply AI/ML-driven techniques for fraud detection, anomaly identification, and transaction monitoring.
• Align risk management practices with frameworks (ISO 27005, NIST, etc.).

• AI & Automation in GRC
• Evaluate and implement AI-based tools for compliance monitoring, document reviews, and reporting.
• Leverage AI to automate repetitive compliance tasks (e.g., customer questionnaires, policy reviews).
• Drive innovation in security operations through intelligent automation.
• Collaboration & Stakeholder Management
• Work closely with Product, Engineering, Legal, and Operations teams.
• Act as a bridge between internal stakeholders and external auditors/customers.
• Provide regular compliance and risk reporting to leadership.

Qualifications & Skills

• Education:

• Bachelor's degree in commerce (B.Com), Information Security, or related field.
• Professional qualifications such as CPA, CISA, CISM, or CRISC are highly valued
• Master's degree in information security, Risk Management, or MBA (preferred).

• Certifications (preferred):

• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control)

• Experience:

• 5-7 years in information security, risk, compliance, or audit roles.
• Strong experience with SOC 2, ISO 27001, and regulatory compliance.
• Exposure to fraud risk management in payments/fintech (preferred).
• Proven track record of policy drafting, training, and compliance program management.

• Skills:

• Strong knowledge of security and compliance frameworks (ISO, NIST, SOC).
• Excellent communication skills to handle customer and auditor interactions.
• Analytical mindset with the ability to identify and mitigate risks.
• Project management and cross-functional collaboration capabilities.

Why Join Zenwork?

• Opportunity to build and mature GRC practices in a fast-growing compliance tech company.
• Work on impactful products that enable organizations to remain secure and compliant.
• Collaborate with a passionate team that values innovation, integrity, and trust.
• Competitive compensation, benefits, and professional development support.