Compliance Officer – Information Security & Privacy

About Alyve Health

At Alyve Health, we are building an AI-powered digital health ecosystem which helps our members achieve outcomes. This is an opportunity to be a part of a dynamic team and work with senior founders who come from excellent professional pedigrees. More importantly, this is an opportunity to significantly impact our members’ lives.

Work @ Alyve Health

In our prospective hires, we not only look for technical/functional skills but also a culture fit. Everything we do is targeted at improving health outcomes of our customers – we are obsessed with this one thing and it guides all our decision making. We have no “pyramids” – if you join us, you will be trusted with the same information and degree of freedom that our founders have. We are a team of doers and creators. Finally, we take a lot of pride in having the courage to do things which perhaps nobody else would have done in the past; we look to innovate every minute of every day and decide boldly as well as quickly.

Overview

We are looking for a proactive and detail-oriented Compliance Officer - GRC & Privacy to join Alyve Health’s Compliance & Risk Governance team.

In this role, you will manage and coordinate our internal compliance program across ISO 27001, ISO 42001, SOC 2, DPDP Act 2023, GDPR, healthcare regulatory requirements, and vendor/partner compliance. You will work closely with internal teams, auditors, clients, and vendors to track obligations, manage audits, maintain documentation, and ensure Alyve remains audit-ready at all times.

What You'll Do

1. Manage Compliance Programs

• Maintain the compliance register, risk register, and ISMS across ISO 27001, SOC 2, DPDP Act, GDPR, HIPAA, IRDAI, ISO 42001, and other applicable health-tech regulations.
• Conduct gap assessments across technology, operations, vendors, and data handling processes.
• Track risks, findings, and action items to timely closure.

2. Coordinate Audits & Stakeholders

• Act as the compliance point of contact for Product, Engineering, Data, Finance, HR, Ops, Legal, clients, vendors, and auditors.
• Manage audit activities including scheduling, evidence collection, auditor queries, and closure of observations.
• Support client due diligence, vendor reviews, and regulatory responses.

3. Maintain Documentation & Reporting

• Own the compliance dashboard and maintain audit-ready policies, SOPs, evidence logs, risk assessments, and vendor records.
• Prepare compliance updates, MIS reports, board summaries, and regulatory submissions as required.

4. Ensure Privacy & Regulatory Compliance

• Support privacy impact assessments, vendor risk assessments, and compliance reviews for new products, features, data flows, and third-party integrations.
• Ensure security, privacy, and contractual obligations are implemented across the platform and operations.

5. Drive Policy & Awareness

• Draft and update compliance policies, security procedures, data handling guidelines, and vendor compliance requirements.
• Conduct compliance awareness sessions for internal teams, especially Product, Engineering, and Operations.

Skills and Qualifications

▸ Bachelor's degree in Law, Business Administration, Information Technology, Computer Science, or a related field.

▸ Postgraduate qualification in Compliance, Information Security, Data Privacy, or Risk Management is an added advantage.

▸ 1–2 years of experience in compliance, information security governance, risk management, or a related domain.

▸ Prior exposure in a health-tech, insurtech, fintech, or regulated digital platform environment is strongly preferred.

▸ Hands-on experience with compliance registers, audit coordination, policy management, or vendor compliance is desirable.

▸ Working knowledge of ISO 27001, DPDP Act 2023, IRDAI cybersecurity guidelines, and HIPAA requirements.

▸ Ability to conduct gap analyses, control assessments, and risk treatment planning.

▸ Proficiency in maintaining compliance trackers, dashboards, and audit-ready documentation.

▸ Familiarity with cloud compliance posture (GCP / AWS / Azure) and SaaS data handling obligations.

▸ Experience with GRC tools (MetricStream, ServiceNow GRC, or similar) is a plus.

▸ Strong cross-functional coordination - comfortable working with Product, Engineering, Legal, and Business teams.

▸ Excellent written and verbal communication for drafting policies, compliance reports, and management presentations.

▸ High attention to detail with the ability to manage multiple priorities in a fast-paced startup environment.

▸ Proactive, ownership-driven mindset - able to identify compliance risks before they become issues.

▸ Discretion and integrity in handling sensitive member health data and contractual information.

Preferred Certifications

• ISO 27001 Lead Auditor (LA): Highly Preferred
• ISO 27001 Lead Implementer (LI): Highly Preferred
• ISO 27001 Foundation: Preferred
• DPDP / Data Privacy Practitioner: Preferred
• Certified Info. Systems Auditor (CISA): Good to Have
• CRISC: Good to Have
• HIPAA Compliance Certification: Good to Have