InfoSec Risk & Compliance
full-time
lead
Posted 2 months ago
About this role
Netradyne harnesses the power of Computer Vision and Edge Computing to revolutionize the modern-day transportation ecosystem. We are a leader in fleet safety solutions. With growth exceeding 4x year over year, our solution is quickly being recognized as a significant disruptive technology. Our team is growing, and we need forward-thinking, uncompromising, competitive team members to continue to facilitate our growth.
JOB DESCRIPTION
Senior/Staff Engineer – InfoSec Risk & Compliance
Location: Bengaluru, India | Department: Information Security | Experience Level: 6-9+ years | Employment Type: Full-Time, Permanent
Lead compliance transformation and security governance scaling at Netradyne. Own enterprise GRC platform implementation, manage multi-framework audits (ISO 27001/42001, SOC 2, HIPAA), and drive customer compliance acceleration enabling enterprise revenue growth.
KEY RESPONSIBILITIES
Facilitate Audit & Certification
Drive ISO 42001 (AI governance), SOC 2 Type II, RED Directive EN 18031, ISO 27001, HIPAA programs
Design vendor risk assessment program with SLA enforcement
Manage external audits and certification timelines
GRC Platform Implementation
Lead enterprise GRC tool deployment and configuration across all frameworks
Build automated evidence collection, remediation tracking, and compliance reporting
Create executive risk dashboards and governance reporting
Customer Compliance & Revenue
Build RFP/RFI response framework reducing turnaround to
Develop customer-facing Trust Centre portal reducing RFP volume
Manage customer security questionnaires and account support
Risk Optimization & International Support
Design quarterly self-assessment (QSA) process via GRC automation
Maintain AI risk register (model degradation, bias, privacy risks)
Support 15-country compliance expansion (GDPR, local regulations)
REQUIRED QUALIFICATIONS
Education & Certifications
Bachelor’s/Master’s degree in Information Security, Computer Science, or a related field
Active professional certification: CISSP, CCSP, CISM, CCSK, ISO 27001/42001 Lead Auditor, or equivalent
Demonstrated audit Senior/Staff: ISO 27001 and/or SOC 2 field audit participation (2+ cycles)
Core Technical Competencies (Must Have)
Competency | Required Experience
ISO 27001 / 27701 / 42001 | Led 2+ audit cycles; AI governance frameworks
SOC 2 Type II / HIPAA / GDPR | Field audit experience; PII/ePHI handling; breach notification
GRC Platforms | Implementation/administration (Archer, ServiceNow, AuditBoard, Sprinto, Scrut, OneTrust)
Risk Management | Risk scoring, control testing, BIA, vendor assessment design
Cloud Security | AWS/Azure IAM, encryption, compliance configurations, CIS/CSA frameworks
Compliance Automation | Python/Bash/PowerShell scripting; RPA; process automation workflows
Network & Infrastructure | OSI/TCP-IP, VPN, DLP, CASB, SD-WAN, zero-trust architecture
Vulnerability Management | Risk scoring (CVSS), remediation SLAs, patch compliance
KNOWLEDGE & PROFESSIONAL SKILLS
Technical Skills (Should Have):
Enterprise Resilience: Design BCP/DR, failover testing, 24/7 uptime SLAs for multi-region expansion
AI Security: Threat modelling, adversarial attack scenarios, responsible AI assurance (ISO 42001)
Cloud Compliance: Data classification, multi-region governance, DLP enforcement, CloudTrail/Azure Logs monitoring
Infrastructure-as-Code: Terraform/CloudFormation for audit-trail automation
API Integration: REST APIs for GRC, ticketing systems, SIEM/DLP tool integration
Preferred: IoT/embedded systems (RED Directive), RPA, network-layer authentication (RADIUS/LDAP), certificate management
Professional:
Collaborate with cross-functional teams (IT, Engineering, Sales, Device, Finance, Legal, Privacy, HR) for compliance alignment
Lead GRC platform implementation and governance workflow design
Communicate risk and compliance status to executive leadership and board
Support 24/7 on-call rotation for security incidents and emergencies
Continuous learning mindset; ability to adopt emerging compliance frameworks (AI governance, new regulations)
We are committed to an inclusive and diverse team. Netradyne is an equal-opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status, or any legally protected status.
If there is a match between your experiences/skills and the Company's needs, we will contact you directly.
Applicants only - Recruiting agencies do not contact.
Recruitment Fraud Alert!
There has been an increase in fraud that targets job seekers. Scammers may present themselves to job seekers as