
Exotel

GRC Manager

  • Posted 16 hours ago

Job Description


About the Company

Exotel is the emerging markets' leading full-stack customer engagement platform and business-focused virtual telecom operator. Incorporated in 2011, Exotel's cloud-based product suite powers 50 million daily engagements across voice, video and messaging channels. Exotel powers unified customer engagement for over 6000 companies in 60+ countries, including India, Southeast Asia, the Middle East, and Africa. Today, some of the fastest-growing companies in the emerging markets (Ola, Swiggy, Flipkart, GoJek, Byjus, Urban Company, HDFC Bank, Zomato, Oyo, etc.) manage their customer engagement with Exotel's suite of communication APIs, Ameyo's omnichannel contact centre (merger), and Cogno AI's conversational AI platform (acquisition) over the cloud. They're a $100 million Series D-funded company with $60 million in ARR.


About the Role

The Exotel GRC team drives risk management and compliance within the organisation, supporting Exotel and its product portfolio. We are looking for a GRC Manager with experience in compliance and security to help protect and enable Exotel products and services. The GRC team works as a line of defence by conducting periodic audits of all the control owners, the platform team, the Security team and the Engineering stakeholders.
Responsibilities

  • Customer Trust Assurance Leadership: Develop and execute the strategy for Customer Trust Assurance, ensuring our security and compliance posture consistently meets and exceeds the expectations of a sophisticated client base, especially BFSI institutions. Serve as the primary customer-facing security and compliance expert, engaging directly with clients' security, audit, and procurement teams to present our controls, address concerns, and foster long-term trust. Maintain and continuously update a comprehensive Trust Portal or similar resource containing all relevant compliance documentation, certifications, and security white papers for client consumption.
  • Client Audit Management & Facilitation: Lead, coordinate, and manage all client-initiated audits, reviews, and due diligence activities, specifically focusing on BFSI clients' stringent regulatory requirements. Own the end-to-end audit lifecycle, including scoping, internal readiness reviews, direct client communication, on-site/virtual facilitation, artifact gathering, and managing post-audit remediation plans. Translate complex client-specific audit requirements (e.g., related to GDPR, CCPA, ISO 27001, SOC 2, and BFSI regulations) into actionable tasks for internal security and engineering teams.
  • Risk Management: Conduct risk assessments and identify, analyse, and evaluate potential risks across all areas of the business. Develop and maintain a comprehensive risk register, including risk assessments, mitigation plans, and key risk indicators (KRIs). Monitor and report on key risks and emerging threats. Assist in the development and implementation of risk mitigation strategies and controls. Coordinate with teams on the implementation of risk management strategies aligned with stakeholders.
  • Compliance: Ensure compliance with all applicable laws and regulations (e.g., data privacy laws, industry-specific regulations, cybersecurity frameworks like NIST CSF 2.0, ISO 27001:2022). Conduct internal audits and compliance reviews to identify and address any gaps. Manage regulatory reporting requirements and ensure timely submission of all necessary filings. Advise on and implement best practices for compliance with relevant standards (e.g., ISO 27001, SOC 2, Data Privacy).
  • Governance: Assist in the development and implementation of internal policies and procedures related to governance, risk, and compliance. Contribute to the development and maintenance of a strong control environment. Support the development and implementation of a robust ethics and compliance program.
  • Stakeholder Management: Collaborate with business units, IT, legal, and other stakeholders to identify and address risk and compliance issues. Communicate effectively with all levels of management on risk and compliance matters. Build and maintain strong relationships with internal and external auditors. Work under the CISO and facilitate audits such as ISO 27001, and drive closure of audit findings by following up with the respective teams. Identify stakeholders and their roles, keep them informed of project progress, address their concerns, and implement their feedback. Work with team members and stakeholders to understand and identify work challenges and program goals, obtain prioritized deliverables, and discuss program impacts.
  • Continuous Improvement: Stay abreast of evolving regulatory requirements, industry best practices, and emerging threats. Continuously evaluate and improve the organisation's GRC framework and processes. Proactively identify and implement new GRC initiatives.

Qualifications

  • 10+ years of experience in a GRC role, with a strong understanding of risk management frameworks, methodologies, and tools.
  • Proven track record in a GRC, Information Security, or Audit role, with at least 3 years in a leadership or client-facing capacity. Extensive experience managing security audits from major BFSI clients is mandatory.
  • Deep understanding of BFSI compliance frameworks (e.g., FFIEC, GLBA, PCI DSS) and international standards (e.g., ISO 27001, SOC 2, HIPAA, NIST).
  • Experience with one or more of the NIST CSF 2.0 framework, SOC 2 Type 2, ISO 27001:2022.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex information to both technical and non-technical audiences.
  • Experience working in a fast-paced and dynamic environment.
  • 3+ years of experience in technology risk, including one or more domains (e.g., access management, vulnerability management, change management, business continuity, application security, asset management).
  • 2+ years of experience in effectively analysing data and programs for security risk, compliance, and maturity.
  • 2+ years of program management experience in a corporate environment.
  • Experience with Certifications for SOC 2 Type 2, ISO 27001:2022.

Preferred Skills

  • CISSP, CISA, CISM, and CRISC certifications are desirable.
  • Advanced degree and/or certification.
  • Advanced program management skills, including planning, organising, pre-empting risks/blockers, and communicating with stakeholders to deliver successful programs or projects, while operating with minimal guidance.


Job ID: 137599953
