zeapl.ai
Website:
zeapl.ai
Job details:
Company Description
Zeapl.ai is an enterprise loyalty & communication engagement platform trusted by marquee brands in India and International markets.
Role Description
As a SOC 2 and ISO-certified SaaS company, we are seeking a GRC & Compliance Excellence Lead to strengthen, operationalize, and continuously enhance our governance, risk, and compliance framework.
This role is critical in ensuring that:
· Compliance is embedded into day-to-day workflows, not treated as a periodic activity
· Processes are consistently followed, measurable, and audit-ready
· The organization operates in a state of continuous audit readiness, not reactive compliance
The ideal candidate will bring strong hands-on audit ownership, process enforcement capability, and cross-functional execution experience.
Key Responsibilities
Compliance & Audit Management (Core Focus)
· Own and manage SOC 2 Type II and ISO 27001 surveillance audits
· Act as the primary SPOC for auditors (internal & external)
· Manage audit artifacts, evidence, and documentation
· Ensure continuous monitoring of control effectiveness
· Coordinate with client GRC / InfoSec teams for compliance reviews and approvals
· Lead client-facing GRC discussions, including presenting audit logs and compliance posture
Process Governance & Enforcement
· Review and strengthen existing SOPs and control frameworks
· Ensure adherence to defined processes across teams
· Introduce checkpoints, approvals, and governance mechanisms
· Identify and eliminate process gaps and bypass scenarios
Internal Audit & Continuous Monitoring
· Conduct quarterly internal audits and control testing
· Identify:
o Control failures
o Process deviations
o Risk exposure
· Drive timely closure of audit findings and observations
Risk & Incident Management
· Maintain and update the organizational risk register
· Track and manage:
o Data/security incidents
o Process failures
· Drive root cause analysis (RCA) and corrective/preventive actions
Access, Change & Control Reviews
· Conduct and monitor:
o Access management audits
o Change management reviews
o Control validations across systems and workflows
Business Process Maturity
· Improve and standardize processes across:
o Customer onboarding
o Data handling lifecycle
o Payment and finance workflows
o Access control and provisioning
· Drive automation of controls and audit evidence collection wherever feasible
Cross-functional Collaboration
· Work closely with:
o Engineering (access, infra, and security controls)
o Product (process and data handling alignment)
o HR (employee lifecycle controls)
o Finance (revenue and payment controls)
o Sales (contractual compliance)
· Conduct periodic training and awareness programs
Vendor & Third-Party Risk
· Manage vendor risk assessments and onboarding due diligence
· Ensure third-party compliance alignment with internal standards
Qualification & Experience
· 5–9 years of experience in GRC within SaaS, fintech, or IT environments
· Proven ownership of:
o SOC 2 and/or ISO 27001 audits (post-certification phase)
o Internal audits and control testing
· Demonstrated ability in:
o Enforcing controls and ensuring adherence across teams
o Implementing processes in live business environments
· Strong experience in:
o Policy and SOP design with practical implementation
o Risk assessment, mitigation planning, and incident management
· Experience with data privacy regulations (e.g., DPDP, GDPR) is preferable
· Understanding of product, application, or infrastructure audits
· Exposure to:
o Log monitoring, audit trails, and control validation mechanisms
o Access management and system-level controls
· Bachelor’s or Master’s degree in Business, Information Systems or related field
· Familiarity with:
o GRC / audit management tools
o Ticketing systems (e.g., Jira)
o Documentation platforms
· Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, ISO 31000 are preferred