Compliance Programme Manager

Remote Full-time
About Unifize

At Unifize, we're building the AI-native product suite for regulated manufacturing companies — helping teams in medical devices, aerospace, defence, and precision manufacturing run and prove critical work faster.

Today, regulated manufacturers rely on a patchwork of disconnected tools — QMS, DMS, PLM, MES, spreadsheets, and email — to manage their processes. This fragmentation slows innovation, creates compliance risk, and forces teams to waste time manually connecting the dots. Unifize brings process, documentation, and communication together in one place. Whether it's managing CAPAs, resolving deviations, launching new products, or preparing for audits, teams work faster with full traceability and audit readiness built in.

We are ~60 people with offices in Bangalore and the US. Our customers start with one use case and consistently expand — 100% net expansion to date. Check out our website, case studies, and videos to learn more.

The Opportunity

In March 2026, Unifize launched one of the most ambitious compliance programmes in Indian SaaS — seven frameworks, 18–24 months, and external certifications with direct customer and revenue consequences: SOC 2, ISO 27001, GDPR, HIPAA, ISO 9001, NIST 800-171, and CMMC Level 2.

A third-party NIST 800-171 assessment is already complete. ISO 27001 certification is targeted for June 2026. The clock is running — and there is currently no single person accountable for driving this programme.

We need a Compliance Programme Manager to own it end to end. Not advise on it. Not audit it. Own it — the plan, the milestones, the external auditor relationships, the cross-functional coordination, and the outcomes.

You will report directly to the CEO and be the single point of accountability for the compliance programme.

What You'll Own

Programme Delivery
- Maintain the master programme plan, milestone tracker, and compliance calendar across all seven frameworks
- Drive each framework through Discovery, gap analysis, remediation, and certification — in sequence, on schedule
- Deliver weekly status updates and quarterly programme reviews to leadership — structured, crisp, and ahead of problems
- Ensure every framework has complete, audit-ready evidence packages before certification or assessment milestones

ISO 27001 — June 2026 (Most Urgent)
- Confirm the certification body, validate the gap analysis, and run Stage 1 and Stage 2 audits to completion
- This is the most time-critical milestone. You will be accountable for it within weeks of joining

External Party Management
- Select and manage certification bodies (ISO 27001, ISO 9001), the C3PAO (CMMC), legal counsel (GDPR, HIPAA), and third-party consultants
- You own these relationships — not the CEO, not legal

Cross-functional Coordination
- Align engineering, security, legal, HR, and QMS workstreams to the programme timeline
- Identify dependencies, resolve conflicts, and keep every workstream moving — without chasing

NIST 800-171 / CMMC Remediation
- Own the POA&M — 54 Not Met objectives require structured remediation across H2 2026
- Drive closure against the SPRS submission deadline

Budget Ownership
- Track programme spend against the approved budget envelope, flag variances early, and manage cost-driver decisions

What This Role Will NOT Do
- Write application code or implement technical controls — that's Engineering
- Perform security risk assessments or design security architecture — that's the Security / ISMS Lead
- Draft legal agreements (DPAs, BAAs, DFARS clauses) — that's Legal and external counsel
- Build or manage a compliance team — this is a sole-contributor role, not a people-management position

Who You Are

You are a programme manager first, compliance professional second. You have delivered a compliance programme — not participated in one, not audited one — but owned it end to end, including the external auditor relationships and the certification outcome.

You move fast without needing perfect information. You are deeply organised without being bureaucratic. You can give a CEO a crisp status update on seven frameworks in five minutes, and you know how to hold the programme together when engineering has competing product priorities and leadership wants to skip steps.

You are comfortable being the only dedicated compliance resource for 6–12 months. You are both the programme director and the person doing the work. There is no team to build — you are effective as a sole contributor from day one.

Requirements

Must-have:
- Demonstrated track record of delivering a compliance programme to certification or assessment completion — end-to-end ownership including CB / auditor management. Advisory roles, audit support, and participation roles do not qualify
- Minimum 2–3 years of full-time, dedicated compliance experience — not part-time, not adjacent
- Experience with at least two of: ISO 27001, SOC 2, NIST 800-171 / CMMC, GDPR, HIPAA
- Strong programme management discipline — milestone tracking, dependency management, risk registers, and proactive stakeholder communication
- Comfortable operating as a sole contributor without a team below you
- Able to push back constructively on founders and engineering when the programme requires it
- Bangalore-based, or open to full remote within India

Good to have:
- Sprinto or similar GRC platform experience (learnable within 30 days)
- CMMC or federal compliance background
- Experience at a B2B SaaS company of 50–300 people
- No depth on DPDP Act is fine — no candidate will have it yet

Hard no:
- No track record of closing a certification or assessment — only advisory, audit support, or participation roles
- Strong compliance domain knowledge but poor programme management discipline — frameworks researched, never shipped
- Requires a team in place before they can operate effectively
- Cannot manage up and push back constructively when needed

Why Join Unifize

This is a rare opportunity to own a compliance programme end to end from scratch — not inherit someone else's half-built framework, not manage a team executing it, but be the person who delivers it.

Seven frameworks. Real external milestones. Direct revenue consequences. You report to the CEO. Decisions happen in hours, not weeks.

The frameworks covered — ISO 27001, CMMC, NIST 800-171 — are credible, technically interesting, and increasingly rare in Indian SaaS. The person hired here will have a compliance delivery track record by end of 2027 that very few CPMs in India can match.

- Work on a programme that directly unlocks enterprise and federal manufacturing deals
- Ownership of outcomes, not just activities
- Direct access to the founding team — no layers, no bureaucracy
- Competitive compensation aligned with certification milestones and programme delivery

Unifize is an equal opportunity employer. We are building a diverse team and welcome applicants from all backgrounds.
