Sprinto is an Autonomous Trust Platform that centralizes trust requirements across security frameworks, vendors, and customers.
Sprinto autonomously executes tasks needed to maintain trust across compliance, audits, risk management, vendor risk, privacy, and AI governance, enabling organizations to maintain a strong, reliable trust posture without draining operational bandwidth and resources on repetitive tasks.
Backed by top-tier investors such as Accel, Elevation, and Blume Ventures, we’ve raised$31.8M in funding to fuel our mission. Trusted by over 3,000 organizations across 75 countries, Sprinto helps organizations stay audit-ready, manage real-time risks, and scale fearlessly. With 300+ native integrations and AI-driven automation, Sprinto supports 200+ global security standards natively, including SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and more. Sprinto's extensible architecture enables organizations to build and support an infinite number of custom integrations and frameworks.
Founded in 2020 by second-time founders Girish Redekar and Raghuveer Kancherla, Sprinto powers compliance for organizations like Whatfix, Encora, Anaconda, Whatnot, Ultrahuman, WeWork, Everstage, AI Foundation, HackerRank, and many more.
The Role: Sprinto is building a Managed Services wing that will evolve from framework digitisation into a broader services portfolio, including implementation consulting, risk & privacy assessments, policy reviews, internal audits, and security assurance programs. This leader will build the function from the ground up with strong governance, repeatability, and commercial accountability.
What you’ll do
Build the function
Create delivery operating model: intake, scoping, SOWs, QA, SLAs, change control, and reporting.
Build reusable IP: templates, playbooks, mapping libraries, workshop agendas, and QA rubrics.
Hire and lead a team of specialists; build service-line pods over time.
Deliver and scale service lines (phased)
Phase 1: framework digitisation & control/check mapping inside Sprinto.
Phase 2: packaged services for risk assessment, privacy (DPIA), policy review, internal audits, and audit readiness support.
Phase 3: scale into security assurance programs and partner-led offerings (e.g., VAPT program management, vendor governance, QA, and customer outcomes).
Own commercial outcomes
Define service packaging and pricing models (fixed-fee tiers, retainer options where relevant).
Own utilization, margins, capacity planning, delivery forecasting, and predictable throughput.
Partner with Sales/SE/CS to attach services appropriately and improve enterprise deal conversion + retention.
AI-enabled service productisation
Create “AI-assisted playbooks” for repeatable services (DPIA, risk assessment, policy review, internal audit checklists).
Build structured input forms/checklists that juniors can fill out, enabling consistent output.
Define QA guardrails (mandatory source inputs, validation steps, human approval gates).
Maintain an internal library of prompts/templates and continuously improve them based on audit/customer feedback.
Ensure quality and manage risk
Establish acceptance criteria and review mechanisms for deliverables.
Define boundaries and disclaimers to avoid uncontrolled liability.
Build partner qualification standards and a QA framework for third-party-delivered services.
What we’re looking for
Experience
3–6+ years in GRC/security consulting, audit/advisory, or building managed compliance programs.
Demonstrated experience building/scaling a services practice or delivery org (0→1 to repeatable).
Strong experience with enterprise customers and multi-stakeholder delivery.
Domain mastery
ISO 27001, SOC 2, GDPR; strong risk assessment experience.
Privacy assessments (DPIA) hands-on.
Comfort with complex frameworks like FedRamp, HITRUST, NIST family and regional regulations
Proficiency in building AI-enabled workflows
Demonstrated ability to use AI tools (e.g., ChatGPT-style workflows) to reduce manual effort and standardize deliverables.
Ability to translate domain expertise into reusable templates and guided systems.
Strong judgment around accuracy, confidentiality, and review requirements.
Operator strengths
Ability to productize services (packages, deliverables, QA, SLAs).
Strong commercial ownership: pricing, margins, capacity planning.
Excellent written communication and workshop leadership.
Strong decision-making in ambiguity, without scope creep.
Preferred
Prior leadership of multi-service GRC offerings (risk, privacy, internal audits, readiness).
Experience in auditing and implementing GRC frameworks
Certifications (good to have): ISO 27001 LA/LI, CISA, CISM, CISSP or PCI QSA.
Success metrics
Services revenue growth trajectory toward the long-term contribution target.
Delivery cycle time, rework rate, QA pass rate, customer satisfaction.
Utilisation and gross margin improvement via reuse and standardisation.
Attach rate (services + product), deal unblock impact, retention uplift.
How We Care For Our Sprinters :
-
Work wherever you are: We’re 100% remote, so you get to choose if you want to work from home, cafe, hills or beaches.
-
Co-working on the house: If co-working is your jam, we offer a generous annual allowance of up to INR 14,000* for social working.
-
We care about your learning: We are invested in seeing you grow, and commit USD 1000 annually to help you level up your skills.
-
We count your spark, not your leaves: We care about you not just as an employee, but as a person. So if you need a reset, make use of Unlimited leaves.
-
Your Safety Net, Woven in: We take care of the what-ifs. From health insurance with coverage up to INR 10 lakh for you and your family, to accident protection of an additional INR 10 lakh, and life insurance worth 3× your annual salary, our benefits wrap you and your family in protection so you can focus on thriving.
-
Workspace setup of your dreams: Work from anywhere, and if that’s home, we’ll chip in INR 35,000 to help you create a space that’s as effortless as your workflow. CX_POD
