The Lead GRC Cybersecurity professional will own and drive governance, risk, and compliance programs across Freshworks. This role partners closely with engineering, cloud operations, product, legal, and business teams to ensure regulatory, customer, and certification requirements are met at scale. The role also serves as a primary interface with external auditors and internal stakeholders while strengthening security assurance across cloud, Kubernetes, and AI-driven systems. Roles & Responsibilities Governance and Compliance • Lead and manage compliance programs for ISO 27001, SOC, PCI DSS, and Cyber Essentials • Own end to end audit lifecycle including planning, evidence readiness, walkthroughs, and closure • Interpret control requirements and translate them into practical, scalable processes • Maintain compliance documentation, policies, risk registers, and control narratives Audit and Stakeholder Management • Act as the primary point of contact for external auditors and certification bodies • Coordinate cross functional teams for timely evidence collection and validation • Provide clear, concise, and executive ready compliance reports and dashboards • Drive continuous improvement based on audit findings and risk assessments Risk Management • Identify, assess, and track cybersecurity and technology risks across cloud and product environments. Facilitate risk reviews with business and technical leadership • Ensure risk treatment plans are practical, tracked, and aligned with business priorities Cloud, Platform, and AI Security • Demonstrate strong understanding of cloud concepts and shared responsibility models • Work closely with engineering teams on security controls for cloud and Kubernetes environments • Understand AI security fundamentals, including LLM architectures, data risks, prompt injection, and model misuse • Support governance and risk frameworks for AI-enabled features and platforms Communication and Leadership • Enable strong interdepartment collaboration across security, engineering, legal, IT, and compliance • Mentor and guide junior GRC team members • Represent the GRC function with confidence to senior leadership and customers ## Qualifications - 8 to 15 years of experience in cybersecurity GRC roles - Strong experience in report writing and executive level communication - Proven experience interfacing with auditors and regulators - Hands on experience managing ISO 27001, SOC 2, and PCI audits - Strong understanding of cloud security principles and Kubernetes environments - Working knowledge of AI security concepts, LLM risks, and governance considerations - Ability to drive evidence collection across distributed and global teams - Preferred Qualifications - Prior experience in SaaS or cloud native organizations - Certifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISM Preferred Qualifications - Prior experience in SaaS or cloud native organizations - Certifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISM ## Additional Information What Success Looks Like in This Role - Proactively own and manage Certification cycles - Strong audit readiness culture across engineering and business teams - Clear visibility of risk posture for leadership - Scalable and future-ready GRC programs aligned with cloud and AI adoption At Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us.