Lead Cybersecurity Governance, Risk, and Compliance (GRC) Specialist

Lead - Cybersecurity Audit & Assurance

Company Description

Organizations everywhere struggle under the crushing costs and complexities of “solutions” that promise to simplify their lives. To create a better experience for their customers and employees. To help them grow. Software is a choice that can make or break a business. Create better or worse experiences. Propel or throttle growth. Business software has become a blocker instead of ways to get work done.

There’s another option. Freshworks. With a fresh vision for how the world works.

At Freshworks, we build uncomplicated service software that delivers exceptional customer and employee experiences. Our enterprise-grade solutions are powerful, yet easy to use, and quick to deliver results. Our people-first approach to AI eliminates friction, making employees more effective and organizations more productive. Over 72,000 companies, including Bridgestone, New Balance, Nucor, S&P Global, and Sony Music, trust Freshworks’ customer experience (CX) and employee experience (EX) software to fuel customer loyalty and service efficiency. And, over 4,500 Freshworks employees make this possible, all around the world.

Fresh vision. Real impact. Come build it with us.

Job Description

The Lead GRC Cybersecurity professional will own and drive governance, risk, and compliance
programs across Freshworks. This role partners closely with engineering, cloud operations,
product, legal, and business teams to ensure regulatory, customer, and certification
requirements are met at scale. The role also serves as a primary interface with external auditors
and internal stakeholders while strengthening security assurance across cloud, Kubernetes, and
AI-driven systems.

Roles & Responsibilities

Governance and Compliance
• Lead and manage compliance programs for ISO 27001, SOC, PCI DSS, and Cyber Essentials
• Own end to end audit lifecycle including planning, evidence readiness, walkthroughs, and
closure
• Interpret control requirements and translate them into practical, scalable processes
• Maintain compliance documentation, policies, risk registers, and control narratives
Audit and Stakeholder Management
• Act as the primary point of contact for external auditors and certification bodies
• Coordinate cross functional teams for timely evidence collection and validation
• Provide clear, concise, and executive ready compliance reports and dashboards
• Drive continuous improvement based on audit findings and risk assessments

Risk Management
• Identify, assess, and track cybersecurity and technology risks across cloud and product
environments. Facilitate risk reviews with business and technical leadership
• Ensure risk treatment plans are practical, tracked, and aligned with business priorities

Cloud, Platform, and AI Security
• Demonstrate strong understanding of cloud concepts and shared responsibility models
• Work closely with engineering teams on security controls for cloud and Kubernetes
environments
• Understand AI security fundamentals, including LLM architectures, data risks, prompt injection,
and model misuse
• Support governance and risk frameworks for AI-enabled features and platforms

Communication and Leadership
• Enable strong interdepartment collaboration across security, engineering, legal, IT, and
compliance
• Mentor and guide junior GRC team members
• Represent the GRC function with confidence to senior leadership and customers

Qualifications

• 8 to 15 years of experience in cybersecurity GRC roles
• Strong experience in report writing and executive level communication
• Proven experience interfacing with auditors and regulators
• Hands on experience managing ISO 27001, SOC 2, and PCI audits
• Strong understanding of cloud security principles and Kubernetes environments
• Working knowledge of AI security concepts, LLM risks, and governance considerations
• Ability to drive evidence collection across distributed and global teams
• Preferred Qualifications
• Prior experience in SaaS or cloud native organizations
• Certifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISM

Preferred Qualifications

• Prior experience in SaaS or cloud native organizations
• Certifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISM

Additional Information

What Success Looks Like in This Role

• Proactively own and manage Certification cycles
• Strong audit readiness culture across engineering and business teams
• Clear visibility of risk posture for leadership
• Scalable and future-ready GRC programs aligned with cloud and AI adoption

At Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us.

Experience Level

Senior Level