Payatu
Website:
payatu.com
Job details:
Are you passionate about building resilient security programs? Do you think in frameworks, speak in controls, and dream in compliance matrices? If yes, then Payatu is the place for you. We are always in search of passionate professionals to expand our renowned Bandit family. In our quest for GRC leaders, we're looking for individuals passionate about governance, risk management, and compliance to join our esteemed team. Here is an excellent opportunity we would like to share with you.
Who we are
We are a research-first cybersecurity firm driven by the mission of making the cyberworld safe for every organization, product, and individual. As India's leading offensive security consultancy, we bridge the gap between technical security and business assurance—helping clients across BFSI, manufacturing, healthcare, and technology sectors build robust, auditable, and compliant security programs aligned with global standards.
You are a perfect fit if you have:
- 3–6 years of hands-on experience in GRC, compliance management, security audit, or quality assurance roles within cybersecurity or IT consulting environments
- Bachelor's degree in Information Security, IT, Computer Science, Engineering, or related disciplines
- Proven experience implementing and maintaining ISO/IEC 27001:2022 ISMS frameworks, including gap analysis, control implementation, and internal/external audit support
- Strong working knowledge of ISO/IEC 27001 Annex A controls and their practical application across diverse organizational contexts
- Demonstrated experience with ISO/IEC 17025 (Testing and Calibration Laboratories), ISO/IEC 17020 (Inspection Bodies), or ISO/IEC 17021-1 (Certification Bodies) frameworks—preferably in NABL/QCI/accreditation body contexts
- Real-world audit implementation experience—you've been on the ground during certification/accreditation cycles, not just supported from the sidelines
- Hands-on proficiency managing risk registers, CAPA (Corrective and Preventive Action) logs, nonconformance reports (NCR), and internal audit evidence
- Familiarity with regulatory compliance requirements such as DPDP Act 2023, RBI cybersecurity guidelines, SEBI IT framework, or sector-specific mandates
- Strong documentation skills and attention to detail in drafting policies, SOPs, control evidence, and audit-ready documentation
- Ability to interpret standards independently—you can read a framework document and translate it into actionable controls and evidence requirements
- Self-driven learner with the curiosity and discipline to master new frameworks, regulations, and compliance requirements as business needs evolve
You have all our desired qualities if you have:
- Professional certifications such as ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, ISO 9001 Lead Auditor, CISA, or other relevant Lead Implementer certifications (certifications will help streamline our filtering process, but real implementation experience matters most)
- Exposure to or working knowledge of GDPR, CCPA, NIS Directive 2.0, SOC 2, PCI DSS, HIPAA, or NIST frameworks (we don't expect you to know them all; what matters is your ability to learn, interpret, and implement standards you haven't worked with before)
- Experience supporting CERT-In empanelment, NCIIPC/QCI audits, or NABL/ISO accreditation processes
- Exposure to OT/ICS security standards (IEC 62443) or medical device cybersecurity (IEC 81001-5-1, FDA premarket guidance)
- Familiarity with GRC platforms (e.g., Scrut, Sprinto, ServiceNow GRC, Archer, MetricStream)
- Strong communication skills with the ability to translate technical security findings into business risk language for leadership and clients
What you'll do at Payatu:
- Lead ISO 27001, ISO 27701, ISO 17025, ISO 17020, ISO 17021-1, SOC 2, GDPR, and DPDPA implementation and audit readiness programs for clients and internal operations
- Conduct gap assessments, control maturity evaluations, and compliance roadmaps aligned with client business objectives
- Own and maintain risk registers, treatment plans, audit logs, and compliance dashboards
- Support pre-sales and client engagement by scoping GRC projects, drafting compliance proposals, and presenting audit findings
- Collaborate with technical teams (VAPT, Red Team, IoT Security) to ensure security findings are contextualized within compliance frameworks
- Prepare and present evidence packages for external audits, certification renewals, and regulatory inspections
- Stay current on evolving regulations, frameworks, and industry best practices in the Indian and global compliance landscape
Why Payatu?
Join a team that treats compliance not as a checklist, but as a strategic enabler. Work alongside India's top offensive security researchers while building frameworks that protect critical infrastructure, secure sensitive data, and empower clients to meet the highest assurance standards. Grow your expertise across diverse sectors, frameworks, and emerging regulations in one of India's most respected cybersecurity consulting firms.
Equal Opportunity: Payatu is committed to creating an inclusive environment for all employees. We celebrate diversity and are committed to building a team that represents a variety of backgrounds, perspectives, and skills.
Click on Apply to know more.