Job
Description
The Lead Compliance professional is responsible for ensuring that the organization adheres to legal, regulatory, and internal policy requirements. The role involves developing, implementing, and maintaining compliance frameworks, risk management strategies, and governance policies to mitigate potential risks and ensure business continuity. Must Have Key Responsibilities: Compliance Management: Develop and implement compliance programs in line with applicable laws, regulations, and industry standards (e.g., ISO 27001, ISO 27701, ISO 22301, ISO 31000, ISO 22301, ISO 20000-1, GDPR, DPDP Act, ITGC, NIST, CIS, MITRE and other compliance requirement). Conduct internal compliance audits and risk assessments to identify gaps and areas of improvement. Monitor and interpret regulatory changes and assess their impact on business operations. Ensure alignment of compliance policies with corporate governance frameworks. Regulatory and Legal Compliance: Stay up-to-date with local, national, and international regulatory requirements. Collaborate with legal teams to ensure compliance with corporate laws, financial regulations, and data protection laws. Risk Management & Governance: Identify, assess, and mitigate compliance risks across business operations. Implement and oversee governance, risk, and compliance (GRC) frameworks. Establish due diligence processes for vendors, third-party relationships, and partners. Audit and Investigations: Lead internal and external compliance audits, including ISO and regulatory audits. Investigate non-compliance incidents and implement corrective and preventive actions (CAPA). Ensure proper documentation of compliance reports, risk assessments, and audit findings. Policy and Training Development: Develop, review, and update compliance policies, procedures, and guidelines. Conduct employee training on compliance policies, ethical conduct, and regulatory requirements. Foster a compliance-aware culture within the organization through continuous education and awareness programs. Stakeholder Collaboration: Work closely with senior leadership, IT security, Product, HR, IT Admin, legal, Accounts and risk management teams to ensure comprehensive compliance coverage. Provide expert guidance to business units on compliance-related matters. Qualifications & Skills: Education: Business Administration, information security, or related fields. Certifications (Preferred): ISO 27001 Lead Auditor/Lead Implementer, or other relevant compliance certifications. Experience: Minimum 7+ years in compliance, risk management, governance, or regulatory affairs. Strong understanding of global compliance standards (ISO, GDPR, DPDP, etc.). Experience in conducting compliance audits and risk assessments. Excellent analytical, problem-solving, and decision-making skills. Strong leadership, communication, and stakeholder management abilities. Proficiency in GRC tools and compliance management software. Good to Have Key Responsibilities: Additional Compliance Standards & Frameworks: Experience with other compliance requirements beyond the core ones mentioned (e.g., industry-specific frameworks). Hands-on experience with ITGC, CIS, MITRE, and advanced regulatory frameworks. Advanced Stakeholder Engagement: Experience in engaging with regulatory bodies and government agencies. Providing strategic recommendations for compliance to executive leadership. Proficiency in Compliance Tools & Technologies: Hands-on experience with GRC tools and compliance management software. Certifications (Preferred but Not Mandatory): ISO 27001 Lead Auditor/Lead Implementer or other relevant compliance certifications. Enhanced Policy Development & Training: Expertise in designing custom compliance training programs tailored to different business functions. Experience in developing automated compliance monitoring processes.
