II Senior Manager – Information Security Compliance & GRC II SOC 2 | ISO 27001 | GDPR | HIPAA | Risk Management | Audit & Governance
(Chennai/Remote)
About Lumel
Lumel is a leader in modern, end-to-end Enterprise Performance Management (EPM) products & solutions. The suite of products enables planning, reporting, analytics and data governance on a single platform. We leverage your existing data platform investments and drive cost savings by avoiding extensive ETL and complex customizations. In other words, with Lumel, you can bring Planning to your data, rather than moving your data around or creating new data marts. Our Real-Time Integrated Planning Suite offers dozens of out-of-the-box features with extensive data management capabilities, including metadata management designed for business users. Lumel's products feature a user-centric design that empowers business users while reducing reliance on consultants and IT developers. The firm has been delivering innovative products for more than a decade and serves over 3,000 customers worldwide.
About the role
We are looking for Senior Manager – Information Security Compliance & GRC to lead Lumel's enterprise-wide security compliance initiatives.
This role will serve as the single point of ownership (SPOC) for all compliance programs, security certifications, governance activities, and external audits.
The ideal candidate should have a strong background in Information Security Governance, Risk & Compliance (GRC), preferably from a Big4 or top-tier consulting environment, with proven experience independently driving organizations through complex compliance certifications from planning to successful audit completion.
You will work cross-functionally with Engineering, Product, Cloud Operations, IT, Legal, HR, and Executive Leadership to design, implement, monitor, and continuously improve Lumel's security and compliance posture.
Key Responsibilities
Compliance Program Leadership
- Own and lead Lumel's enterprise Information Security Compliance Program.
- Develop and execute the long-term compliance roadmap aligned with business growth.
- Establish governance structures, compliance metrics, reporting dashboards, and executive updates.
- Build scalable compliance processes supporting multiple global regulatory frameworks.
Security Certifications & Audit Management
Lead end-to-end certification programs, including:
- SOC 2 Type II
- ISO/IEC 27001
- GDPR
- HIPAA
- Future compliance initiatives (ISO 27701, PCI DSS, CSA STAR, NIST CSF, etc.)
Responsibilities include:
- Readiness assessments
- Gap assessments
- Control implementation
- Risk assessments
- Audit planning
- Evidence collection
- Audit coordination
- Certification maintenance
- Continuous monitoring
Governance, Risk & Controls
- Design and maintain security policies, standards, procedures, and governance frameworks.
- Develop and manage:
- Risk Registers
- Control Matrices
- Risk Treatment Plans
- Compliance Dashboards
- Policy Lifecycle
- Perform control testing and internal compliance reviews.
- Drive remediation efforts across engineering and business teams.
Audit & Vendor Management
- Serve as primary liaison for external auditors, certification bodies, customers, and compliance partners.
- Manage audit timelines, evidence requests, and certification deliverables.
- Coordinate third-party risk assessments and vendor security reviews.
- Support customer security questionnaires and due diligence requests.
Cross-Functional Leadership
Partner closely with:
- Engineering
- Cloud Infrastructure
- DevOps
- Product Management
- IT
- HR
- Legal
- Executive Leadership
to ensure security controls are effectively designed, implemented, documented, and operationalized.
Continuous Improvement
- Monitor emerging regulations and security standards.
- Recommend improvements to Lumel's governance and risk management practices.
- Deliver compliance awareness and security training across the organization.
- Build an audit-ready culture through automation, documentation, and process excellence.
Required Qualifications
- 5+ years of experience in Information Security, Governance, Risk & Compliance (GRC), Risk Assurance, or Information Security Compliance.
- Proven experience in independently leading enterprise compliance programs from initiation through successful certification.
- Hands-on experience managing:
- SOC 2 Type II
- ISO 27001
- GDPR
- HIPAA
- Strong understanding of:
- Information Security Governance
- Risk Management
- Internal Controls
- Audit Methodologies
- Control Testing
- Security Policies
- Experience working with external auditors, certification bodies, Big4 firms, or consulting organizations.
- Strong project management and stakeholder management skills.
- Excellent executive communication and presentation skills.
- Ability to influence cross-functional teams without direct authority.
- Highly organized, detail-oriented, and capable of managing multiple compliance initiatives simultaneously.
- Self-driven with a strong ownership mindset and the ability to work independently in a fast-paced environment.
Preferred Qualifications
Experience with ISO 27701 frameworks:
Experience with Vanta
Cloud security experience involving:
- Microsoft Azure
- AWS
- Google Cloud Platform (GCP)
Preferred Certifications
One or more of the following certifications are highly preferred:
- CISA
- CISM
- CISSP
- CRISC
- ISO/IEC 27001 Lead Auditor
- ISO/IEC 27001 Lead Implementer
Why Join Lumel?
- Own and build Lumel's enterprise Information Security Compliance function from the ground up.
- Lead strategic security initiatives with executive visibility and influence.
- Shape the company's long-term governance, risk, and compliance strategy.
- Work in a collaborative, fast-growing global SaaS organization.
- Opportunity to implement modern compliance automation and best-in-class security practices.
- Competitive compensation, comprehensive benefits, and strong career growth opportunities.