Lead - Cybersecurity Audit & Assurance

The Lead GRC Cybersecurity professional will own and drive governance, risk, and compliance
programs across Freshworks. This role partners closely with engineering, cloud operations,
product, legal, and business teams to ensure regulatory, customer, and certification
requirements are met at scale. The role also serves as a primary interface with external auditors
and internal stakeholders while strengthening security assurance across cloud, Kubernetes, and
AI-driven systems.

Roles & Responsibilities

Governance and Compliance
• Lead and manage compliance programs for ISO 27001, SOC, PCI DSS, and Cyber Essentials
• Own end to end audit lifecycle including planning, evidence readiness, walkthroughs, and
closure
• Interpret control requirements and translate them into practical, scalable processes
• Maintain compliance documentation, policies, risk registers, and control narratives
Audit and Stakeholder Management
• Act as the primary point of contact for external auditors and certification bodies
• Coordinate cross functional teams for timely evidence collection and validation
• Provide clear, concise, and executive ready compliance reports and dashboards
• Drive continuous improvement based on audit findings and risk assessments

Risk Management
• Identify, assess, and track cybersecurity and technology risks across cloud and product
environments. Facilitate risk reviews with business and technical leadership
• Ensure risk treatment plans are practical, tracked, and aligned with business priorities

Cloud, Platform, and AI Security
• Demonstrate strong understanding of cloud concepts and shared responsibility models
• Work closely with engineering teams on security controls for cloud and Kubernetes
environments
• Understand AI security fundamentals, including LLM architectures, data risks, prompt injection,
and model misuse
• Support governance and risk frameworks for AI-enabled features and platforms

Communication and Leadership
• Enable strong interdepartment collaboration across security, engineering, legal, IT, and
compliance
• Mentor and guide junior GRC team members
• Represent the GRC function with confidence to senior leadership and customers