Senior Compliance Officer

What youll do:

• Responsible for the Governance, Risk, & Compliance (GRC)
• Add, evaluate, manage, and maintain compliance with various laws and frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, and DPDP.
• Develop and maintain a comprehensive risk register and track mitigation efforts.
• Lead the development of internal policies and a controls library to ensure regulatory adherence.
• Manage Vendor Risk Management (VRM) activities, including defining risk tiers, evaluating SIG questionnaires, and reviewing relevant contract clauses.
• Conduct Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIAs).
• Collaborate with the Cloud Infrastructure team on Business Continuity (BC) and Disaster Recovery (DR) planning and drills.
• Develop and implement data classification policies (public/internal/confidential).
• Define and enforce data retention and deletion policies.
• Oversee the implementation and management of encryption protocols (at rest & in transit).
• Implement and manage Data Loss Prevention (DLP) programs.
• Develop and maintain processes for consent tracking and privacy enforcement (e.g., GDPR/CCPA).
• Identify and assess new threats and risks related to

  data governance and exposure due to increasing AI adoption

  .
• Develop and implement security and governance measures specific to AI systems and data usage.

• 5+ years of progressive experience in compliance, GRC, data security, or a related field.
• Strong understanding and practical experience with compliance frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, and PCI-DSS.
• Proven experience in developing and managing risk registers and mitigation plans.
• Demonstrated ability to develop and implement internal policies and controls.
• Experience with Vendor Risk Management (VRM) processes.
• Familiarity with data classification, retention, and encryption best practices.
• Excellent documentation, communication, and training skills for cross-functional enablement.
• Strong problem-solving and troubleshooting mindset, with an eye for process improvement.

• Experience conducting Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIAs).
• Knowledge of Business Continuity (BC) and Disaster Recovery (DR) planning.
• Familiarity with Data Loss Prevention (DLP) programs.
• Understanding of consent tracking and privacy enforcement mechanisms (e.g., GDPR/CCPA).
• Prior experience in a fast-growing tech or SaaS environment.
• Certifications in compliance, data privacy (e.g., CIPP/E, CIPT), or security (e.g., CISSP).
• Exposure to AI security and governance challenges.