Principal GRC Specialist

Velsera

Pune, Maharashtra
Permanent
Full-time

15 days ago
Apply easily

About VelseraMedicine moves too slow. At Velsera, we are changing that.Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.Velsera provides software and professional services for:

AI-powered multimodal data harmonization and analytics for drug discovery and development
IVD development, validation, and regulatory approval
Clinical NGS interpretation, reporting, and adoption

With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries!What will you do?Governance and Policy Development

Develop, implement, and maintain governance policies, SOPs, and related documentation.
Ensure all policies align with industry standards (e.g., FedRAMP, NIST SP 800-53, ISO 27001 family, and HIPAA).
Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates.

Risk Management

Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps.
Collaborate with cross-functional teams to design and implement remediation strategies.
Maintain risk registers and monitor mitigation efforts.

Compliance Oversight

Support the organization in achieving and maintaining FedRAMP certification.
Manage periodic audits, security assessments, and readiness activities for compliance frameworks.
Track and report on compliance metrics, audit findings, and resolution status.

Training and Awareness

Develop and deliver training programs to enhance employee understanding of compliance policies and procedures.
Act as a point of contact for compliance-related queries within the organization.

Incident Response and Reporting

Support incident response processes to ensure effective investigation and reporting of compliance-related incidents.
Collaborate with stakeholders to implement corrective actions and prevent recurrence.

Vendor and Third-Party Risk Management

Assess third-party vendors for compliance with organizational policies and standards.
Ensure contracts include appropriate compliance requirements.

RequirementsWhat do you bring to the table?Education & Experience

Overall 12- 15 years of relevant experience
Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field (Master’s preferred).
3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.

Knowledge & Skills

Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks.
Experience in drafting policies, procedures, and SOPs.
Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC).
Excellent communication and documentation skills.
Analytical mindset with attention to detail.

Certifications (Preferred)

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
ISO 27001 Lead or Internal auditor

Benefits

Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
& Many More...

Velsera