Practice Lead - GRC Assurance

What you’ll do

Build the function

Create delivery operating model: intake, scoping, SOWs, QA, SLAs, change control, and reporting.

Build reusable IP: templates, playbooks, mapping libraries, workshop agendas, and QA rubrics.

Hire and lead a team of specialists; build service-line pods over time.

Deliver and scale service lines (phased)

Phase 1: framework digitisation & control/check mapping inside Sprinto.

Phase 2: packaged services for risk assessment, privacy (DPIA), policy review, internal audits, and audit readiness support.

Phase 3: scale into security assurance programs and partner-led offerings (e.g., VAPT program management, vendor governance, QA, and customer outcomes).

Own commercial outcomes

Define service packaging and pricing models (fixed-fee tiers, retainer options where relevant).

Own utilization, margins, capacity planning, delivery forecasting, and predictable throughput.

Partner with Sales/SE/CS to attach services appropriately and improve enterprise deal conversion + retention.

AI-enabled service productisation

Create “AI-assisted playbooks” for repeatable services (DPIA, risk assessment, policy review, internal audit checklists).

Build structured input forms/checklists that juniors can fill out, enabling consistent output.

Define QA guardrails (mandatory source inputs, validation steps, human approval gates).

Maintain an internal library of prompts/templates and continuously improve them based on audit/customer feedback.

Ensure quality and manage risk

Establish acceptance criteria and review mechanisms for deliverables.

Define boundaries and disclaimers to avoid uncontrolled liability.

Build partner qualification standards and a QA framework for third-party-delivered services.

What we’re looking for

Experience

8–10+ years in GRC/security consulting, audit/advisory, or building managed compliance programs.

Demonstrated experience building/scaling a services practice or delivery org (0→1 to repeatable).

Strong experience with enterprise customers and multi-stakeholder delivery.

Domain mastery

ISO 27001, SOC 2, GDPR; strong risk assessment experience.

Privacy assessments (DPIA) hands-on.

Comfort with complex frameworks like FedRamp, HITRUST, NIST family and regional regulations

Proficiency in building AI-enabled workflows

Demonstrated ability to use AI tools (e.g., ChatGPT-style workflows) to reduce manual effort and standardize deliverables.

Ability to translate domain expertise into reusable templates and guided systems.

Strong judgment around accuracy, confidentiality, and review requirements.

Operator strengths

Ability to productize services (packages, deliverables, QA, SLAs).

Strong commercial ownership: pricing, margins, capacity planning.

Excellent written communication and workshop leadership.

Strong decision-making in ambiguity, without scope creep.

Preferred

Prior leadership of multi-service GRC offerings (risk, privacy, internal audits, readiness).

Experience in auditing and implementing GRC frameworks

Certifications (good to have): ISO 27001 LA/LI, CISA, CISM, CISSP or PCI QSA.

Success metrics

Services revenue growth trajectory toward the long-term contribution target.

Delivery cycle time, rework rate, QA pass rate, customer satisfaction.

Utilisation and gross margin improvement via reuse and standardisation.

Attach rate (services + product), deal unblock impact, retention uplift.

How We Care For Our Sprinters :

• Work wherever you are: We’re 100% remote, so you get to choose if you want to work from home, cafe, hills or beaches.
• Co-working on the house: If co-working is your jam, we offer a generous annual allowance of up to INR 14,000* for social working.
• We care about your learning: We are invested in seeing you grow, and commit USD 1000 annually to help you level up your skills.
• We count your spark, not your leaves: We care about you not just as an employee, but as a person. So if you need a reset, make use of Unlimited leaves.
• Your Safety Net, Woven in: We take care of the what-ifs. From health insurance with coverage up to INR 10 lakh for you and your family, to accident protection of an additional INR 10 lakh, and life insurance worth 3× your annual salary, our benefits wrap you and your family in protection so you can focus on thriving.
• Workspace setup of your dreams: Work from anywhere, and if that’s home, we’ll chip in INR 35,000 to help you create a space that’s as effortless as your workflow. CX_POD