Assembly Global

Senior Security & Compliance Project Manager

full-time

Location Type: Office

Location: Bengaluru, India

About the role

  • Drive key security and compliance initiatives across Criteo.
  • Identify and qualify risks, define priorities, align stakeholders, and ensure consistent execution — from vision to delivery.
  • Own topics such as writing standards/policies, risk management, third party risk management, ISO27001, SOC2, SOX and other team initiatives.
  • Manage risks.
  • Define and structure security compliance projects (ISO27001, SOC2, NIST, internal control plans…).
  • Turn strategy into actionable roadmaps and clear milestones.
  • Lead end-to-end project delivery across multiple teams (Security, Engineering, Infrastructure, Physical Sites, Legal, etc.).
  • Facilitate and energize collaborative workshops and steering committees.
  • Be a trusted partner for technical teams and bridge the gap between compliance and engineering.
  • Coordinate audit activities, from preparation to closure (internal and external).
  • Review technical designs to ensure alignment with security best practices.
  • Drive the security audit lifecycle and lead major security audits and assessments (SOC2, ISO27001, NIST…).
  • Drive evidence collection in collaboration with all involved stakeholders.
  • Orchestrate and follow up on the remediation of findings.
  • Participate in SOX legal audit, third party risk management, clients security questionnaires, and due diligence.
  • Support the creation of clear, structured, and actionable security documentation (policies, standards…).
  • Write security GRC documentation (Information security policies, Technical security standards using technical knowledge).

Requirements

  • Master’s degree in Information Security, Computer Science, or a related field.
  • 4-6 years of relevant experience.
  • Additional certifications in security governance or compliance frameworks (e.g., ISO27001 Lead Auditor/Implementer, CISA, CISSP, or similar) are highly valued.
  • Continuous professional development in areas such as risk management, audit methodologies, and regulatory compliance.
  • You have experience in security GRC, compliance, or risk management.
  • You are used to working with engineering teams, and you have a passion for it.
  • You understand the basics of authentication, encryption, access control, threat modeling, etc., and you know how to talk to engineers.
  • You know how to structure and lead complex, multi-team projects in a fast-paced, agile environment.

Benefits

  • Annual Leave: 20 leaves are allotted to all employees at the beginning of every calendar year.
  • Sick Leave: 12 leaves are allotted effective DOJ and at the beginning of every calendar year.
  • Other leaves: Maternity Leave, Paternity Leave, and Birthday Leave entitlement.
  • Dedicated L&D budget for all teams to upskill and get certified.
  • All employees are entitled to Group Personal Accident Cover and Life Cover Insurance.
  • Insurance coverage for the entire family (Employee + up to 7 dependents: Self, Spouse, up to 4 children, and Parents).
  • Monthly cross-team lunch.
  • Rewards and Recognition program: Employee of the Month, Star Performer, Tenure Celebration, and many more.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools: risk management, security compliance, ISO27001, SOC2, NIST, audit methodologies, encryption, access control, threat modeling, security GRC

Soft Skills: collaboration, leadership, communication, project management, stakeholder alignment, strategic thinking, problem-solving, facilitation, trust building, agility

Certifications: ISO27001 Lead Auditor, ISO27001 Implementer, CISA, CISSP