Compliance & Risk Program Manager; GRC Lead

Job in Mission, Johnson County, Kansas, 66201, USA
Listing for: Qualgo
Full Time position
Listed on 2026-01-24
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, IT Project Manager, IT Business Analyst
Position: Compliance & Risk Program Manager (GRC Lead)

Qualgo is seeking a structured and strategic GRC Program Manager to drive our global security and governance initiatives. You will not just "participate" in audits; you will own the entire Governance, Risk, and Compliance ecosystem as a product. You will act as the "Project Commander," coordinating across Engineering, HR, Legal, and IT to ensure we satisfy every control while optimizing IT value delivery.

Your immediate mandate is critical to the company's future. You are here to:

  • Build a Strong Foundation with NIST: Move us beyond ad-hoc security by architecting a robust, scalable control environment based on the NIST Cybersecurity Framework (CSF) and NIST SP 800-53.
  • Achieve ISO Certification (and sustain it through the annual audit cycle): Lead the end-to-end execution to get Qualgo formally certified in ISO 27001 (Security) and ISO 27701 (Privacy, implemented as an extension of the ISO 27001 ISMS) within the current fiscal year.
  • Get SOC 2 Ready: Simultaneously prepare the organization for SOC 2 Type I/II by implementing the Trust Services Criteria, ensuring we are fully audit-ready immediately following our ISO success.
Key responsibilities

Integrated Governance & Framework Architecture:

  • Architect a Unified Control Framework: Map our internal controls to multiple standards (ISO 27001, NIST CSF, SOC 2) and IT management frameworks (COBIT 2019, ITIL 4).
  • NIST Implementation: Specific focus on implementing the NIST CSF Implementation Tiers to measure our maturity progress from Tier 1 ("Partial") to Tier 4 ("Adaptive").
  • Risk Governance (ERM): Facilitate quarterly Risk Committee meetings. Move beyond "High/Medium/Low" heatmaps to quantitative risk assessments that drive business decisions.

Operational Domain Leadership (Deep Dive):

  • Change Management (The "Golden Thread"):
    Own the Process: Oversee the formal Change Management Policy to ensure it satisfies SOC 2 (CC8.1) and ISO 27001 (Annex A control A.12.1.2 in the 2013 edition; control 8.32 in the 2022 edition) without slowing down engineering velocity.
    Change Advisory Board (CAB): Facilitate CAB meetings for high-risk infrastructure changes. Ensure all changes have back-out plans, testing evidence, and approvals linked in Jira.
    DevOps Integration: Work with Engineering to automate "Change Evidence" in CI/CD pipelines, so that the approval, test result and back-out plan for each deployment are captured as the change ships rather than reconstructed before the audit.

  • Identity & Access Management (IAM): Lead quarterly User Access Review (UAR) campaigns to track "Joiners, Movers, and Leavers."
  • Asset Management: Validate the accuracy of the CMDB to ensure every asset is accounted for (NIST).
  • Business Continuity (BCDR): Organize and grade annual Tabletop Exercises (TTX) to stress-test our resilience.
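
The change-management bullets above ask for approvals, testing evidence and back-out plans to be linked to every change and for that evidence to be captured automatically in CI/CD. The following is an added example of what such a pipeline gate could look like; it is not Qualgo's code. The record fields, the Jira-style ticket pattern, the "high-risk changes need two independent approvers plus a CAB decision" rule and the sample records are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Added example: a change-evidence gate a CI/CD pipeline could run before each
# production deployment. Not Qualgo's code. Field names, the Jira project key
# and the approval thresholds are assumptions, not a standard's requirements.
# The controls it produces evidence for, as named on the page: SOC 2 CC8.1 and
# ISO 27001 A.12.1.2 (2013 numbering; control 8.32 in the 2022 edition).

# Jira-style issue key such as OPS-42 (hypothetical project key).
TICKET_RE = re.compile(r"^[A-Z][A-Z0-9]+-\d+$")


@dataclass
class ChangeRecord:
    change_id: str              # pipeline / deployment identifier
    ticket: str                 # linked Jira key
    author: str                 # who authored the change
    approvers: List[str]        # who approved the merge
    tests_passed: bool          # CI test stage result
    backout_plan: str           # free text; empty string means none recorded
    risk: str                   # "low" or "high"
    cab_approved: bool = False  # recorded CAB decision, only needed for "high"


def evaluate_change(rec: ChangeRecord) -> List[str]:
    """Return the evidence items a change is missing.

    An empty list means the change may proceed; each string names the
    expectation it fails so the output can be filed as audit evidence.
    """
    failures: List[str] = []

    if not TICKET_RE.match(rec.ticket):
        failures.append("no valid linked ticket (traceability)")

    # Self-approval does not count: segregation of duties needs an approver
    # other than the author. High-risk changes need two independent approvers.
    independent = [a for a in rec.approvers if a != rec.author]
    required = 2 if rec.risk == "high" else 1
    if len(independent) < required:
        failures.append(
            f"needs {required} independent approver(s), has {len(independent)}"
        )

    if not rec.tests_passed:
        failures.append("no passing test evidence")

    if not rec.backout_plan.strip():
        failures.append("no back-out plan recorded")

    if rec.risk == "high" and not rec.cab_approved:
        failures.append("high-risk change lacks CAB approval")

    return failures


def gate(records: List[ChangeRecord]) -> Dict[str, List[str]]:
    """Evaluate a batch of changes; returns {change_id: failures}."""
    return {r.change_id: evaluate_change(r) for r in records}


# Constructed sample records (not real deployments).
SAMPLE_CHANGES = [
    ChangeRecord("dep-101", "OPS-42", "alice", ["bob"], True,
                 "Roll back to tag v1.4.2", "low"),
    # Author approved her own change: blocked.
    ChangeRecord("dep-102", "OPS-43", "alice", ["alice"], True,
                 "Redeploy previous image", "low"),
    # Bad ticket, failing tests, no back-out plan, no CAB decision: blocked.
    ChangeRecord("dep-103", "fix-typo", "carol", ["dave", "erin"], False,
                 "", "high"),
    ChangeRecord("dep-104", "OPS-44", "carol", ["dave", "erin"], True,
                 "Restore DB snapshot", "high", cab_approved=True),
]

if __name__ == "__main__":
    for cid, fails in gate(SAMPLE_CHANGES).items():
        status = "PASS" if not fails else "BLOCK"
        detail = "" if not fails else " - " + "; ".join(fails)
        print(f"{cid}: {status}{detail}")
```

In a real pipeline the record would be built from the merge request, the CI status API and the ticket tracker rather than constructed inline, and the per-change result would be written to an evidence store; the point is that the same check runs on every deployment, so the auditor samples pipeline output instead of asking engineers to reconstruct approvals after the fact.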

IT Service Management (ITSM) Alignment:

  • Embed Security into ITIL: Work with IT Ops to ensure security controls are "baked in" to standard ITIL workflows (Incident Management, Problem Management).
  • Service Level Management: Monitor internal SLAs for compliance tasks as if they were IT production services.

Program Management & Execution:

  • Audit Command Center: Create the master project plan to deliver the ISO 27001/27701 certification audits annually.
  • Readiness Drills: Conduct "Mock Audits" to stress-test our posture before the external auditor arrives.
  • Continuous Improvement: Track Non-Conformities and Corrective Actions (CAPA). Lead Root Cause Analysis (RCA) when process failures occur.
Qualifications

Education: Bachelor's degree in Business, IT Management, Information Security, or related field.

Experience:

  • 5+ years in GRC, Technical Program Management, or IT Governance.
  • Mission Critical Experience: You must have successfully led an organization through an initial ISO 27001 certification audit (not just surveillance).
  • Proven experience building frameworks from scratch using NIST SP 800-53 or NIST CSF.
  • Experience implementing or managing IT processes using ITIL and COBIT.

Framework Fluency:

  • Deep knowledge of ISO 27001 and ISO 27701.
  • Strong familiarity with NIST CSF & SP 800-53.
  • Working knowledge of SOC 2 Trust Services Criteria.
  • Understanding of ITIL (Service Lifecycle) and COBIT (Governance Objectives).

Certifications:

  • Must Have one of: CISA, CISM, CRISC, or CGEIT.
  • Highly Desired: ISO 27001 Lead Implementer, ITIL 4 Foundation, or COBIT Foundation.
  • Project: PMP or Agile/Scrum certification.

Soft Skills:

  • "The Driver": You have the energy to push a complex certification project over the finish line within a tight timeline.
  • "The Diplomat": You can enforce strict Change Management rules without destroying relationships with Engineering.
What we offer

Work on products that protect users’ data and make a real difference in people’s lives.

Great work deserves great rewards — enjoy competitive pay and recognition for contribution and impact you make.

Fuel your growth with hands‑on learning. Enjoy extra leaves, and premium healthcare for you and your family.

Collaborate, create, and celebrate — a modern workspace built for teamwork, fun, and innovation.

Young & dynamic environment

Work with stunning colleagues where creativity thrives, ideas are welcome, and every day brings new challenges and opportunities.
