Ground every answer in facts on this page and the original listing. We never invent Glassdoor-style reviews or salaries that are not in our data.
Website: observeai.com
Public cache only — not an employee review.
Observe.AI is hiring a full-time GRC Leader in Bengaluru to take ownership of our external audit lifecycle and build a compliance program that scales with one of the fastest-growing AI platforms in customer experience. About the Role As GRC Leader at Observe.AI, you will report to the Head of Information Security and stand up our governance, risk, and compliance practice from the foundation upward. This Bengaluru-based, on-site position puts you at the center of safeguarding our platform, protecting customer data, and upholding regulatory standing across a community of 80 million members. You will partner daily with Engineering, Legal, Security Operations, and Customer Success to make sure Observe.AI consistently surpasses what customers and regulators expect. Key Responsibilities Drive the complete external audit lifecycle — SOC 2 Type II, PCI DSS Level 1, ISO 27001, HITRUST r2, HIPAA, and GDPR/CCPA — from scoping and evidence gathering through report issuance and remediation follow-through. Act as the main liaison for auditors, certification bodies, and assessors, coordinating schedules, evidence requests, and communications. Rally internal teams across Engineering, DevOps, Legal, HR, and Finance to deliver accurate audit evidence on time. Track findings, steer remediation plans to closure, and keep the organization audit-ready year-round through continuous control monitoring and evidence automation. Author the GRC strategy, compliance roadmap, and a unified multi-framework control library that anticipates emerging rules such as the EU AI Act. Lead enterprise risk assessments, maintain the risk register, run gap analyses, and evaluate third-party and vendor risk, including sub-processor inventories and DPAs. Respond to customer security questionnaires, support Sales in compliance-driven deals, and keep the Trust Center (trust.observe.ai) current. Qualifications 9+ years across GRC, security compliance, or audit, including 3+ years directly managing external audits as an auditee. Hands-on leadership of SOC 2 Type II, PCI DSS, ISO 27001, and HITRUST audits, plus working knowledge of HIPAA and GDPR/CCPA. Deep command of control frameworks such as NIST CSF, CIS Controls, ISO 27001 Annex A, and HITRUST CSF, and how they map across standards. SaaS experience handling sensitive data; contact center, fintech, or healthcare exposure is a strong advantage. Fluency with GRC automation tools like…
Generated for personal interview prep · 2026-07-15 UTC · getajob.ai