About Us:

Exotel is the emerging market’s leading full-stack customer engagement platform and business-focused virtual telecom operator. Incorporated in 2011, Exotel’s cloud-based product suite powers 50 million daily engagements across voice, video and messaging channels. Exotel powers unified customer engagement to over 6000 companies in 60+ countries, including India, SE Asia, the Middle East, and Africa.

Today, some of the fastest-growing companies in the emerging markets (Ola, Swiggy, Flipkart, GoJek, Byju’s, Urban Company, HDFC Bank, Zomato, Oyo, etc.) manage their customer engagement with Exotel’s suite of a communication API, Ameyo’s omnichannel contact centre (merger), and Cogno AI‘s conversational AI platform (acquisition) over the cloud. We are a $100 million Series D funded company with $60 million in ARR.

Role Overview

We are seeking an experienced Information Security Consultant – GRC to strengthen our information security posture and ensure compliance with regulatory and client requirements. The role involves handling client RFPs and audits, collaborating with cross-functional teams, and conducting ITGC control testing to maintain security assurance and trust with clients.

Key Responsibilities

• Lead and manage client RFPs, security due diligence, and vendor assessments, ensuring accurate and timely responses.

• Coordinate and support client security audits, including evidence collection, remediation tracking, and closure.

• Collaborate with Sales, Infrastructure, Engineering, and Operations teams to align client commitments with internal controls.

• Perform IT General Controls (ITGC) testing, risk assessments, and gap analysis across systems and processes.

• Maintain and update ISMS policies, SOPs, and compliance documentation in line with ISO 27001, SOC 2, RBI, and DPDP requirements.

• Track, monitor, and report GRC metrics, risks, and control effectiveness to leadership.

• Support internal and external audits, ensuring timely remediation of identified issues.

• Drive awareness and training programs to strengthen compliance culture across teams.

Key Skills & Competencies

• Strong understanding of ITGC controls, risk management, and compliance frameworks (ISO 27001, SOC 2, RBI, GDPR/DPDP).

• Experience handling client-facing RFPs, due diligence, and security audits.

• Ability to collaborate effectively with Sales, Infra, and technical teams.

• Excellent documentation, stakeholder communication, and presentation skills.

• Strong analytical mindset with the ability to identify risks and recommend mitigation.

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Security, or related field.

• 4–8 years of experience in Information Security GRC or related roles.

• Hands-on experience with Burpsuite, Nexus, Sonarqube or any other similar tool.

• Hands-on knowledge of ITGC testing and audit processes.

• Relevant certifications preferred: CISA, ISO 27001 LA/LI, CISSP (preferred), or equivalent.