Principal InfoSec GRC Specialist (Contract / Permanent)

1 month ago
Full-time
Lead
Cybersecurity
Velsera

Velsera provides AI-enhanced software and expert services for clinical genomics implementation, focusing on multimodal data analysis, IVD validation, clinical NGS reporting, and drug discovery workflows to support the advancement of precision medicine.

Pharmaceuticals
251-1K
Founded 2023

Description

  • Bring security-by-design principles into product development activities.
  • Manage the GRC program and define the roadmap for governance, risk management, and compliance maturity.
  • Lead and mature the Information Security Management System, including risk treatment, internal audits, and external certification audit readiness.
  • Serve as the subject matter expert for FedRAMP, HIPAA, and the ISO/IEC 27001 family, including ISO/IEC 27017 (cloud security controls) and ISO/IEC 27018 (protection of PII in public clouds).
  • Develop and revise enterprise security policies, standards, and control frameworks to align with regulatory requirements and business objectives.
  • Manage GRC activities efficiently by leveraging automation where possible.
  • Lead FedRAMP authorization efforts, including readiness, assessment, and continuous monitoring, while coordinating with 3PAOs and government agencies.
  • Provide technical guidance to Cloud Engineering, Security Operations, DevOps, and Product teams on implementing and documenting required controls in AWS, Azure, or GCP.
  • Oversee complex risk assessments such as BIA, PIA, and data flow mapping, and manage residual risk across the enterprise.
  • Handle customer and partner security due diligence requests and contract reviews, and escalate critical risks to senior leadership.
  • Collaborate with Legal, Internal Audit, Product Management, and Tech Leadership as the primary InfoSec GRC liaison.
  • Mentor junior GRC team members and help strengthen internal capabilities.

Requirements

  • 12+ years of experience in cloud security and GRC.
  • Proven ability to achieve and maintain FedRAMP Moderate or High compliance.
  • Deep familiarity with NIST SP 800-53 controls.
  • Expert hands-on knowledge of HIPAA, SOC, and FedRAMP controls.
  • Strong understanding of cloud service provider security models and compliance controls in complex cloud architectures.
  • Bachelor's or Master's degree in Information Security, IT, Computer Science, or a related technical field.
  • Must hold one or more of the following: CISSP, FedRAMP-specific certification or equivalent practical experience, CCSP, or CCSK.
  • Experience supporting or leading FedRAMP authorization activities, including readiness, assessment, or continuous monitoring.
  • Experience working across cloud environments such as AWS, Azure, or GCP.
  • Preferred: significant practical experience with 3PAO (FedRAMP third-party assessment organization) assessor training or similar FedRAMP-specific assessment work.

Benefits

  • Flexible hybrid work model.
  • Unlimited paid time off.
  • Comprehensive group medical insurance.
  • Comprehensive life insurance.
  • 24/7 Employee Assistance Program for mental health and wellness support.
  • Continuous learning and development programs.
  • Structured reward programs and recognition campaigns.
  • Team events, celebrations, and engaging workplace activities.
