# Senior InfoSec GRC Specialist

> Velsera · Pune, India · Full-time · Posted 2026-05-12

**Workplace:** On-site

**Department:** Technology

## Description

**About Velsera**

Medicine moves too slow. At Velsera, we are changing that.

Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.

Velsera provides software and professional services for:

-   AI-powered multimodal data harmonization and analytics for drug discovery and development
-   IVD development, validation, and regulatory approval
-   Clinical NGS interpretation, reporting, and adoption

With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries!

**What will you do?**

Compliance & Governance

-   Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework.
-   Lead, manage, and mature the organization's Information Security Management System, including risk treatment, internal audits, and readiness for external certification audits.
-   Serve as the subject matter expert (SME) for the Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI).
-   Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks.
-   Plan, conduct, and manage internal and supplier audits.
-   Plan GRC activities, prioritise them, and implement them in a time-bound manner.
-   Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure.
-   Collaborate with Product, Technology, IT, and Security teams to implement security controls in cloud and infrastructure environments, ensuring compliance. Provide technical guidance to those teams on implementing controls and best practices, specifically related to cloud security architecture and configurations.
-   Review risk mitigations periodically and track remediation efforts to closure.
-   Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards.
-   Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams.
-   Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture.
-   Stay current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPAA.

## Requirements

**What do you bring to the table?**

Experience

-   Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance.
-   Proven, hands-on experience driving and maintaining ISO 27001 certification programs.
-   Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud-centric environment.
-   Strong technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud-native security services.
-   Education: Bachelor's degree in IT, Computer Science or related field.
-   Certifications (one or more highly preferred):
    -   CISSP (Certified Information Systems Security Professional)
    -   CISA (Certified Information Systems Auditor)
    -   ISO 27001 Lead Implementer/Auditor
    -   CCSK (Certificate of Cloud Security Knowledge) or an equivalent cloud-specific security certification (e.g., AWS Certified Security, Azure Security Engineer)
-   Hands-on experience with the NIST 800-53 compliance framework is required.

Soft Skills

-   Proficiency in written and verbal communication, with the ability to translate complex security and compliance requirements and controls into clear, actionable
-   Strong project management and organizational skills to handle multiple, simultaneous audit and compliance initiatives.
-   A collaborative and proactive mindset, with the ability to influence and lead cross-functional teams without direct authority.

## Benefits

-   Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
-   Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
-   Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
-   Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
-   & Many More...

## Apply

[Apply at Velsera](https://apply.workable.com/velsera/j/40C6150C42/apply)

