At Unifize, we're building the AI-native product suite for regulated manufacturing companies — helping teams in medical devices, aerospace, defence, and precision manufacturing run and prove critical work faster.
Today, regulated manufacturers rely on a patchwork of disconnected tools — QMS, DMS, PLM, MES, spreadsheets, and email — to manage their processes. This fragmentation slows innovation, creates compliance risk, and forces teams to waste time manually connecting the dots. Unifize brings process, documentation, and communication together in one place. Whether it's managing CAPAs, resolving deviations, launching new products, or preparing for audits, teams work faster with full traceability and audit readiness built in.
We are ~60 people with offices in Bangalore and the US. Our customers start with one use case and consistently expand — 100% net expansion to date. Check out our website, case studies, and videos to learn more.
The Opportunity
In March 2026, Unifize launched one of the most ambitious compliance programmes in Indian SaaS — seven frameworks, 18–24 months, and external certifications with direct customer and revenue consequences: SOC 2, ISO 27001, GDPR, HIPAA, ISO 9001, NIST 800-171, and CMMC Level 2.
A third-party NIST 800-171 assessment is already complete. ISO 27001 certification is targeted for June 2026. The clock is running — and there is currently no single person accountable for driving this programme.
We need a Compliance Programme Manager to own it end to end. Not advise on it. Not audit it. Own it — the plan, the milestones, the external auditor relationships, the cross-functional coordination, and the outcomes. You will report directly to the CEO and be the single point of accountability for the compliance programme.
What You'll Own
Programme Delivery
- Maintain the master programme plan, milestone tracker, and compliance calendar across all seven frameworks
- Drive each framework through discovery, gap analysis, remediation, and certification — in sequence, on schedule
- Deliver weekly status updates and quarterly programme reviews to leadership — structured, crisp, and ahead of problems
- Ensure every framework has complete, audit-ready evidence packages before certification or assessment milestones
- Confirm the certification body, validate the gap analysis, and run Stage 1 and Stage 2 audits to completion
- This is the most time-critical milestone. You will be accountable for it within weeks of joining
- Select and manage certification bodies (ISO 27001, ISO 9001), the C3PAO (CMMC), legal counsel (GDPR, HIPAA), and third-party consultants
- You own these relationships — not the CEO, not legal
- Align engineering, security, legal, HR, and QMS workstreams to the programme timeline
- Identify dependencies, resolve conflicts, and keep every workstream moving — without chasing
- Own the POA&M — 54 Not Met objectives require structured remediation across H2 2026
- Drive closure against the SPRS submission deadline
- Track programme spend against the approved budget envelope, flag variances early, and manage cost-driver decisions
What you won't do:
- Write application code or implement technical controls — that's Engineering
- Perform security risk assessments or design security architecture — that's the Security / ISMS Lead
- Draft legal agreements (DPAs, BAAs, DFARS clauses) — that's Legal and external counsel
- Build or manage a compliance team — this is a sole-contributor role, not a people-management position
You are a programme manager first, compliance professional second. You have delivered a compliance programme — not participated in one, not audited one — but owned it end to end, including the external auditor relationships and the certification outcome.
You move fast without needing perfect information. You are deeply organised without being bureaucratic. You can give a CEO a crisp status update on seven frameworks in five minutes, and you know how to hold the programme together when engineering has competing product priorities and leadership wants to skip steps.
You are comfortable being the only dedicated compliance resource for 6–12 months. You are both the programme director and the person doing the work. There is no team to build — you are effective as a sole contributor from day one.
Requirements
Must-have:
- Demonstrated track record of delivering a compliance programme to certification or assessment completion — end-to-end ownership including CB / auditor management. Advisory roles, audit support, and participation roles do not qualify
- Minimum 2–3 years of full-time, dedicated compliance experience — not part-time, not adjacent
- Experience with at least two of: ISO 27001, SOC 2, NIST 800-171 / CMMC, GDPR, HIPAA
- Strong programme management discipline — milestone tracking, dependency management, risk registers, and proactive stakeholder communication
- Comfortable operating as a sole contributor without a team below you
- Able to push back constructively on founders and engineering when the programme requires it
- Bangalore-based, or open to full remote within India
Good to have:
- Sprinto or similar GRC platform experience (learnable within 30 days)
- CMMC or federal compliance background
- Experience at a B2B SaaS company of 50–300 people
- No depth on DPDP Act is fine — no candidate will have it yet
Hard no:
- No track record of closing a certification or assessment — only advisory, audit support, or participation roles
- Strong compliance domain knowledge but poor programme management discipline — frameworks researched, never shipped
- Requires a team in place before they can operate effectively
- Cannot manage up and push back constructively when needed
This is a rare opportunity to own a compliance programme end to end from scratch — not inherit someone else's half-built framework, not manage a team executing it, but be the person who delivers it.
Seven frameworks. Real external milestones. Direct revenue consequences. You report to the CEO. Decisions happen in hours, not weeks.
The frameworks covered — ISO 27001, CMMC, NIST 800-171 — are credible, technically interesting, and increasingly rare in Indian SaaS. The person hired here will have a compliance delivery track record by end of 2027 that very few CPMs in India can match.
- Work on a programme that directly unlocks enterprise and federal manufacturing deals
- Ownership of outcomes, not just activities
- Direct access to the founding team — no layers, no bureaucracy
- Competitive compensation aligned with certification milestones and programme delivery
Unifize is an equal opportunity employer. We are building a diverse team and welcome applicants from all backgrounds.