About this role
The Lead GRC Cybersecurity professional will own and drive governance, risk, and compliance
programs across Freshworks. This role partners closely with engineering, cloud operations,
product, legal, and business teams to ensure regulatory, customer, and certification
requirements are met at scale. The role also serves as a primary interface with external auditors
and internal stakeholders while strengthening security assurance across cloud, Kubernetes, and
AI-driven systems.
Roles & Responsibilities
Governance and Compliance
• Lead and manage compliance programs for ISO 27001, SOC, PCI DSS, and Cyber Essentials
• Own end to end audit lifecycle including planning, evidence readiness, walkthroughs, and
closure
• Interpret control requirements and translate them into practical, scalable processes
• Maintain compliance documentation, policies, risk registers, and control narratives
Audit and Stakeholder Management
• Act as the primary point of contact for external auditors and certification bodies
• Coordinate cross functional teams for timely evidence collection and validation
• Provide clear, concise, and executive ready compliance reports and dashboards
• Drive continuous improvement based on audit findings and risk assessments
Risk Management
• Identify, assess, and track cybersecurity and technology risks across cloud and product
environments. Facilitate risk reviews with business and technical leadership
• Ensure risk treatment plans are practical, tracked, and aligned with business priorities
Cloud, Platform, and AI Security
• Demonstrate strong understanding of cloud concepts and shared responsibility models
• Work closely with engineering teams on security controls for cloud and Kubernetes
environments
• Understand AI security fundamentals, including LLM architectures, data risks, prompt injection,
and model misuse
• Support governance and risk frameworks for AI-enabled features and platforms
Communication and Leadership
• Enable strong interdepartment collaboration across security, engineering, legal, IT, and
compliance
• Mentor and guide junior GRC team members
• Represent the GRC function with confidence to senior leadership and customers
8 to 15 years of experience in cybersecurity GRC rolesStrong experience in report writing and executive level communicationProven experience interfacing with auditors and regulatorsHands on experience managing ISO 27001, SOC 2, and PCI auditsStrong understanding of cloud security principles and Kubernetes environmentsWorking knowledge of AI security concepts, LLM risks, and governance considerationsAbility to drive evidence collection across distributed and global teamsPreferred QualificationsPrior experience in SaaS or cloud native organizationsCertifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISMPreferred Qualifications
Prior experience in SaaS or cloud native organizationsCertifications such as CISA, ISO 27001 Lead Implementer or Auditor, CISSP, or CISM What Success Looks Like in This Role
Proactively own and manage Certification cyclesStrong audit readiness culture across engineering and business teamsClear visibility of risk posture for leadershipScalable and future-ready GRC programs aligned with cloud and AI adoptionAt Freshworks, we have fostered an environment that enables everyone to find their true potential, purpose, and passion, welcoming colleagues of all backgrounds, genders, sexual orientations, religions, and ethnicities. We are committed to providing equal opportunity and believe that diversity in the workplace creates a more vibrant, richer environment that boosts the goals of our employees, communities, and business. Fresh vision. Real impact. Come build it with us.