Practice Lead - GRC Assurance @Sprinto
All others
Salary unspecified
Remote Location
Job Type full-time
Posted 2wks ago

[Hiring] Practice Lead - GRC Assurance @Sprinto

2wks ago - Sprinto is hiring a remote Practice Lead - GRC Assurance. 💸 Salary: unspecified 📍 Location: Worldwide

Role Description

Sprinto is building a Managed Services wing that will evolve from framework digitisation into a broader services portfolio, including:

  • Implementation consulting
  • Risk & privacy assessments
  • Policy reviews
  • Internal audits
  • Security assurance programs

This leader will build the function from the ground up with strong governance, repeatability, and commercial accountability.

What you’ll do:

  • Build the function:
    • Create delivery operating model: intake, scoping, SOWs, QA, SLAs, change control, and reporting.
    • Build reusable IP: templates, playbooks, mapping libraries, workshop agendas, and QA rubrics.
    • Hire and lead a team of specialists; build service-line pods over time.
  • Deliver and scale service lines (phased):
    • Phase 1: framework digitisation & control/check mapping inside Sprinto.
    • Phase 2: packaged services for risk assessment, privacy (DPIA), policy review, internal audits, and audit readiness support.
    • Phase 3: scale into security assurance programs and partner-led offerings (e.g., VAPT program management, vendor governance, QA, and customer outcomes).
  • Own commercial outcomes:
    • Define service packaging and pricing models (fixed-fee tiers, retainer options where relevant).
    • Own utilization, margins, capacity planning, delivery forecasting, and predictable throughput.
    • Partner with Sales/SE/CS to attach services appropriately and improve enterprise deal conversion + retention.
  • AI-enabled service productisation:
    • Create “AI-assisted playbooks” for repeatable services (DPIA, risk assessment, policy review, internal audit checklists).
    • Build structured input forms/checklists that juniors can fill out, enabling consistent output.
    • Define QA guardrails (mandatory source inputs, validation steps, human approval gates).
    • Maintain an internal library of prompts/templates and continuously improve them based on audit/customer feedback.
  • Ensure quality and manage risk:
    • Establish acceptance criteria and review mechanisms for deliverables.
    • Define boundaries and disclaimers to avoid uncontrolled liability.
    • Build partner qualification standards and a QA framework for third-party-delivered services.

Qualifications

  • 8–10+ years in GRC/security consulting, audit/advisory, or building managed compliance programs.
  • Demonstrated experience building/scaling a services practice or delivery org (0→1 to repeatable).
  • Strong experience with enterprise customers and multi-stakeholder delivery.
  • Domain mastery in ISO 27001, SOC 2, GDPR; strong risk assessment experience.
  • Hands-on experience with privacy assessments (DPIA).
  • Comfort with complex frameworks like FedRAMP, HITRUST, NIST family and regional regulations.
  • Proficiency in building AI-enabled workflows.
  • Demonstrated ability to use AI tools (e.g., ChatGPT-style workflows) to reduce manual effort and standardize deliverables.
  • Ability to translate domain expertise into reusable templates and guided systems.
  • Strong judgment around accuracy, confidentiality, and review requirements.

Requirements

  • Ability to productize services (packages, deliverables, QA, SLAs).
  • Strong commercial ownership: pricing, margins, capacity planning.
  • Excellent written communication and workshop leadership.
  • Strong decision-making in ambiguity, without scope creep.

Preferred

  • Prior leadership of multi-service GRC offerings (risk, privacy, internal audits, readiness).
  • Experience in auditing and implementing GRC frameworks.
  • Certifications (good to have): ISO 27001 LA/LI, CISA, CISM, CISSP or PCI QSA.

Success metrics

  • Services revenue growth trajectory toward the long-term contribution target.
  • Delivery cycle time, rework rate, QA pass rate, customer satisfaction.
  • Utilisation and gross margin improvement via reuse and standardisation.
  • Attach rate (services + product), deal unblock impact, retention uplift.

Benefits

  • Work wherever you are: 100% remote, choose your workspace.
  • Co-working on the house: annual allowance of up to INR 14,000 for social working.
  • We care about your learning: USD 1000 annually to help you level up your skills.
  • Unlimited leaves for personal resets.
  • Health insurance with coverage up to INR 10 lakh for you and your family.
  • Accident protection of an additional INR 10 lakh.
  • Life insurance worth 3× your annual salary.
  • Workspace setup assistance of INR 35,000 to create your ideal work environment.