Principal InfoSec GRC Specialist (Contract / Permanent)

1 day, 21 hours ago
Full-time
Lead
Cybersecurity
Velsera

Velsera provides AI-enhanced software and expert services for clinical genomics implementation, focusing on multimodal data analysis, IVD validation, clinical NGS reporting, and drug discovery workflows to support the advancement of precision medicine.

Pharmaceuticals
251-1K
Founded 2023

Description

  • Bring security-by-design principles into product development activities.
  • Manage the GRC program and define the roadmap for governance, risk management, and compliance maturity.
  • Lead and mature the Information Security Management System, including risk treatment, internal audits, and external certification audit readiness.
  • Serve as the subject matter expert for FedRAMP, HIPAA, and the ISO 27001 family, including 27017 and 27018 for cloud security.
  • Develop and revise enterprise security policies, standards, and control frameworks to align with regulatory requirements and business objectives.
  • Manage GRC activities efficiently by leveraging automation where possible.
  • Lead FedRAMP authorization efforts, including readiness, assessment, and continuous monitoring, while coordinating with 3PAOs and government agencies.
  • Provide technical guidance to Cloud Engineering, Security Operations, DevOps, and Product teams on implementing and documenting required controls in AWS, Azure, or GCP.
  • Oversee complex risk assessments such as BIA, PIA, and data flow mapping, and manage residual risk across the enterprise.
  • Handle customer and partner security due diligence requests and contract reviews, and escalate critical risks to senior leadership.
  • Collaborate with Legal, Internal Audit, Product Management, and Tech Leadership as the primary InfoSec GRC liaison.
  • Mentor junior GRC team members and help strengthen internal capabilities.

Requirements

  • 12+ years of experience in cloud security and GRC.
  • Proven ability to achieve and maintain FedRAMP Moderate or High compliance.
  • Deep familiarity with NIST SP 800-53 controls.
  • Expert hands-on knowledge of HIPAA, SOC, and FedRAMP controls.
  • Strong understanding of cloud service provider security models and compliance controls in complex cloud architectures.
  • Bachelor's or Master's degree in Information Security, IT, Computer Science, or a related technical field.
  • Must hold one or more of the following: CISSP, FedRAMP-specific certification or equivalent practical experience, CCSP, or CCSK.
  • Experience supporting or leading FedRAMP authorization activities, including readiness, assessment, or continuous monitoring.
  • Experience working across cloud environments such as AWS, Azure, or GCP.
  • Preferred: significant practical experience with C3PAO assessor training or similar FedRAMP-specific work.

Benefits

  • Flexible hybrid work model.
  • Unlimited paid time off.
  • Comprehensive group medical insurance.
  • Comprehensive life insurance.
  • 24/7 Employee Assistance Program for mental health and wellness support.
  • Continuous learning and development programs.
  • Structured reward programs and recognition campaigns.
  • Team events, celebrations, and engaging workplace activities.
