Job facts

Location: Bengaluru
Department: Security
Posted: May 15, 2026

Staff GRC Engineer - Audits & Compliance

About Us

Observe.AI is the AI Agents platform for customer experience, designed to help organizations deliver faster, smarter, and more efficient customer service at scale. The platform enables businesses to deploy specialized AI agents that autonomously execute work across the full CX lifecycle—from handling customer conversations to supporting frontline teams and optimizing operations.

Each AI agent is purpose-built for a specific role, equipped to understand context, make decisions, take action, and continuously improve outcomes. This allows organizations to increase resolution speed, elevate service quality, and reduce operational costs while empowering your frontline team to focus on higher-value work.

Built on a CX-native foundation, Observe.AI helps leading brands like DoorDash, Affordable Care, Signify Health, and Verida improve customer satisfaction, boost agent productivity, and deliver consistent, scalable performance across every customer interaction.

Why Join Us

The Security team at Observe.AI is responsible for protecting our platform, customer data, and regulatory standing across 80 million community members. Observe.AI maintains industry-leading compliances and certifications, including SOC 2 Type II, PCI DSS Level 1, ISO 27001, HITRUST r2, HIPAA, GDPR/CCPA, and EU AI Act, and is seeking a seasoned GRC professional to own the external audit lifecycle and continuously strengthen our compliance posture. As a senior member of the GRC function, you will report to the Head of Information Security and have the opportunity to lead the compliance program from the ground up. You will work cross-functionally with Engineering, Legal, Security Operations, and Customer Success to ensure Observe.AI exceeds customer and regulatory expectations.

What you’ll be doing

External Audit Management & Leadership

  • Own the end-to-end lifecycle for all external audits — SOC 2 Type II, PCI DSS Level 1, ISO 27001, HITRUST r2, HIPAA, GDPR/CCPA — from scoping and evidence collection through report issuance and remediation tracking.
  • Serve as the primary point of contact for external auditors, certification bodies, and assessors; manage audit schedules, evidence requests, and auditor communications.
  • Coordinate internal stakeholders (Engineering, DevOps, Legal, HR, Finance) to gather timely and accurate audit evidence.
  • Manage audit findings and observations; drive remediation plans to closure within agreed timelines.
  • Maintain audit-ready posture year-round through continuous control monitoring and evidence automation.
  • Track and report audit status, risks, and findings to the VP of Information Security and executive leadership.

Compliance Program Strategy & Roadmap

  • Develop and document Observe.AI's GRC strategy, compliance roadmap, and multi-framework control library aligned to SOC 2, PCI DSS, ISO 27001, HITRUST, HIPAA, GDPR, CCPA, and emerging regulations such as the EU AI Act.
  • Stay current on evolving regulatory and certification requirements relevant to AI-powered SaaS products operating in financial services, healthcare, and contact center industries.
  • Design and implement a GRC program that scales with Observe.AI's rapid growth, including automation of evidence collection via GRC tooling (e.g., Vanta, Drata, or equivalent).
  • Develop and maintain policies, standards, and procedures that satisfy multiple compliance frameworks through a unified control set.

Risk Management & Control Assessment

  • Lead enterprise risk assessments and maintain a risk register; prioritize controls based on risk impact and regulatory exposure.
  • Conduct gap analyses against new frameworks and certification requirements; propose remediation roadmaps.
  • Assess third-party and vendor risk; manage the sub-processor inventory and data processing agreements (DPAs).
  • Work with the Infrastructure Security team to validate technical controls (encryption, IAM, network segmentation, logging) against compliance requirements.
  • Perform control testing and walkthroughs in preparation for and between audit cycles.

Customer & Stakeholder Trust

  • Respond to customer security questionnaires (RFPs, vendor assessments) and support Sales in compliance-related deal cycles.
  • Act as the compliance point of contact for customer audits and penetration test reviews.
  • Maintain the Trust Center (trust.observe.ai), keeping it accurate and up to date so that it provides assurance and self-service to enterprise customers.

What you’ll bring to the role

  • 9+ years of experience in GRC, information security compliance, or audit roles, with at least 3 years directly managing external audits.
  • Hands-on experience leading SOC 2 Type II, PCI DSS, ISO 27001, and HITRUST audits as an auditee, as well as HIPAA and GDPR/CCPA compliance work.
  • Deep knowledge of control frameworks (NIST CSF, CIS Controls, ISO 27001 Annex A, HITRUST CSF) and their mapping across multiple standards.
  • Experience at a SaaS product company processing sensitive customer data; contact center, fintech, or healthcare-adjacent experience a significant plus.
  • Proficiency with GRC automation platforms (Vanta, Drata, OneTrust, or similar) for evidence collection and continuous compliance monitoring.
  • Strong project management skills — ability to run multiple concurrent audit programs and remediation tracks with cross-functional teams.
  • Experience drafting and negotiating DPAs, BAAs, and security addenda with enterprise customers.
  • Excellent written and verbal communication skills; able to translate technical control requirements into clear language for legal, finance, and executive audiences.
  • Relevant certifications preferred: CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or PCI QSA/ISA.
  • Comfort working across time zones, with occasional off-hours availability for audit deadlines and customer escalations.

Perks & Benefits

  • Excellent medical insurance options and free online doctor consultations.
  • Yearly privilege and sick leave as per the Karnataka S&E Act.
  • Generous holidays (national and festive), recognition, and parental leave policies.
  • Learning & Development fund to support your continuous learning journey and professional development.
  • Fun events to build culture across the organization.
  • Flexible benefit plans for tax exemptions (e.g., meal card, PF).

Our Commitment to Inclusion and Belonging

Observe.AI is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Observe.AI does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Observe.AI also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.

We welcome all people. We celebrate diversity of all kinds and are committed to creating an inclusive culture built on a foundation of respect for all individuals. We seek to hire, develop, and retain talented people from all backgrounds. Individuals from non-traditional backgrounds, historically marginalized or underrepresented groups are strongly encouraged to apply.

If you are ambitious, make an impact wherever you go, and you're ready to shape the future of Observe.AI, we encourage you to apply. For more information, visit www.observe.ai.