Information Security Lead

8 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Role Overview:

As the GRC Lead, you will be responsible for leading governance, risk, compliance, and audit initiatives across the enterprise. This role demands hands-on experience in implementing ISO 27001, managing SOC 2 readiness, driving privacy and regulatory compliance (including DPDPA and GDPR), and aligning secure SDLC practices. The ideal candidate will work cross-functionally with IT, Legal, Product, and Engineering teams to uphold a mature and compliant security posture for Tanla and its group companies.


Key Responsibilities:

1. Governance, Risk & Compliance (GRC):

  • Lead the implementation and lifecycle of ISO 27001:2022, including SoA, risk treatment, and audit coordination.
  • Draft, implement, and maintain Information Security Policies, standards, and procedures aligned with ISO, SOC 2, and legal mandates.
  • Conduct and manage Business Impact Analysis (BIA) and Privacy Impact Assessments (PIA) across business units.
  • Drive Third-Party Risk Management (TPRM) including vendor profiling, due diligence, and periodic security reviews.
  • Ensure compliance with data localization, DPDPA, and GDPR regulations.
  • Manage client security audits, internal reviews, and audit readiness documentation.
  • Align and integrate Secure SDLC practices across product and engineering teams.


2. Audit & Certification Readiness:

  • Prepare for and support external certifications such as ISO 27001 and SOC 2 Type 2.
  • Track and manage audit observations, root cause analysis (RCA), and CAPA execution.
  • Maintain a centralized repository of evidence and audit logs to ensure ongoing compliance readiness.


3. Secondary Technical Skills:

  • Exposure to Vulnerability Assessment & Penetration Testing (VAPT) coordination and follow-ups.
  • Familiarity with product security principles, data classification, and secure design practices.
  • Awareness of global privacy regulations (GDPR, PDPL, etc.) and implementation nuances.


Requirements:

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • 8+ years of experience in GRC, cybersecurity compliance, or audit management.
  • Strong understanding of ISO 27001, SOC 2 Type 2, DPDPA, and risk management frameworks.
  • Must have one of the following certifications: CISA, CISM, or CISSP.
  • ISO 27001 Lead Auditor certification preferred.
  • Experience with client audit handling, compliance operations, and policy development.
  • Excellent documentation, communication, and stakeholder engagement skills.


Why join us?


  • Impactful Work: Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry.
  • Tremendous Growth Opportunities: Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development.
  • Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated.


Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees.

We look forward to hearing from you soon.
