Information Security & Compliance Lead (GRC)

Information Security & Compliance Lead (GRC)

Location: Gurgaon (Work from Office)

Experience: 4–6 years

Reporting to: Founder / Engineering Leadership

About Infra360.io

Infra360.io is a cloud, DevOps, and infrastructure services company helping fast-growing start-ups and enterprises build secure, scalable, and compliant cloud platforms across AWS, Azure, and GCP.

As our clients mature, security and compliance are becoming critical enablers for growth, enterprise sales, and trust.

We are looking for an Information Security & Compliance Engineer (GRC) who can own day-to-day compliance execution and work closely with engineering and client teams.

Role Overview

This is a hands-on execution role, not a purely advisory or audit-only position.

You will be responsible for implementing, maintaining, and supporting multiple security compliance programs while collaborating with DevOps, SRE, and client stakeholders.

Key Responsibilities

Compliance & Governance

• Own and support compliance programs, including ISO 27001 (ISMS), SOC 2 (Type I & II), HIPAA readiness, PCI DSS (scope & coordination), GDPR (policies, DPIA, vendor risk), NIST CSF mappings
• Coordinate internal and external audits end-to-end
• Manage audit evidence collection and documentation
• Maintain risk registers and track remediation actions

Security Policies & Documentation

• Draft, update, and maintain:
• Information Security policies
• Access control & IAM policies
• Incident response & BCP/DR documentation
• Ensure policies are practical and aligned with engineering workflows

Cloud & DevOps Collaboration

• Work closely with DevOps/SRE teams to:
• Implement security controls in cloud environments (AWS/Azure/GCP)
• Review IAM, network security, logging, and monitoring controls
• Support DevSecOps initiatives (CI/CD security, secrets management)

Client & Stakeholder Interaction

• Respond to client security questionnaires (SIG, CAIQ, custom formats)
• Support sales and pre-sales teams on security and compliance discussions
• Coordinate with clients and vendors on security assessments

Required Skills & Experience

Must-Have

• 4–6 years of experience in Information Security, GRC, or Compliance
• Hands-on experience with ISO 27001 implementation
• Hands-on experience with SOC 2 Type I (Type II is a strong plus)
• Experience working with external auditors
• Strong documentation and communication skills
• Basic to intermediate understanding of cloud security concepts

Good-to-Have

• Exposure to HIPAA, PCI DSS, or GDPR
• Experience with AWS, Azure, or GCP environments
• Familiarity with NIST frameworks
• Experience in startups, SaaS, fintech, or cloud services companies
• Certifications (Nice to Have)
• ISO 27001 Lead Implementer or Lead Auditor
• CISA / CISSP / CCSP (any one is a plus)
• PCI DSS Implementer (rare, strong advantage)

Who Will Be a Good Fit

• Hands-on and execution-focused
• Comfortable working in a fast-moving environment
• Able to collaborate with engineering teams
• Willing to learn and grow into a lead role over time
• Not afraid of audits, documentation, or client-facing discussions

Growth Opportunity

• Opportunity to grow into Security & Compliance Manager
• Play a key role in shaping infra360.io’s security practice
• High exposure to enterprise clients and cloud-native environments