Security Lead (GRC & AppSec)

Innovapptive


Job Location:

Hyderabad - India

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

Security Lead (GRC & AppSec)

Location: Hyderabad, India
Employment Type: Full-Time; Salaried
Compensation: Base Salary, Bonus, Stock Options, Medical

About Innovapptive

Innovapptive is an enterprise SaaS company building an AI-powered Connected Worker Platform for industrial organizations. Our platform connects frontline workers, back-office systems, and assets in real-time to drive safety, reliability, and operational productivity.

Leading global enterprises, including Shell, Hess, Westlake Chemical, Kimberly-Clark, Scott Miracle-Gro, and Newmont Mining, rely on Innovapptive to transform how work gets done across plants and field operations.

Our customers have achieved $50M EBITDA savings at a single enterprise, 10 improvement in frontline productivity, and 1520% reductions in maintenance costs.

Innovapptive is recognized as a Leader in Frost & Sullivan's Frost Radar 2025 - Augmented Connected Worker Platforms, with acknowledgments from Gartner and LNS Research, and is backed by Vista Equity Partners and Tiger Global Management.

With headquarters in Houston and an engineering center in Hyderabad, we have 300 employees across the U.S., India, and ANZ and are on a strong trajectory toward $100M ARR.

Why This Role Exists

Innovapptive has zero security engineering today. 59 enterprise customers across regulated industries. Customers asking for SOC 2 compliance, pen test reports, security posture documentation. We have none.

You are the founding security hire. Build Security & Compliance from scratch: GRC, AppSec pipeline, vulnerability management, security culture. Hire and lead a 3-person team.

What You Own

  • Security program from zero: GRC framework, risk register, policies, vendor assessments.
  • SOC 2 Type II readiness.
  • AppSec pipeline: SAST/SCA in CI/CD. 100% repo coverage.
  • Vulnerability management: 95% Crit/High resolved within 7/30 days.
  • Security review for high-risk changes.
  • Incident response playbook.
  • Security awareness and training.
  • Team building: AppSec Engineer now, Infra/Cloud in Q3.

You Must Have

  • 6 years information security with 2 years leading programs.
  • GRC: SOC 2, ISO 27001. Audit coordination.
  • AppSec: SAST/DAST/SCA, OWASP Top 10, threat modeling.
  • Security tooling in CI/CD.
  • Communicate risk in business terms.
  • Building security from zero in growth-stage SaaS.

Nice to Have

  • CISSP, CISM, CEH, or AWS Security Specialty.
  • Regulated industries (energy, utilities, manufacturing).
  • SAP security patterns.
  • PenTest experience.
  • AI/ML security.

You Will Be Measured On

  • SAST/SCA 100% repos within 60 days.
  • 95% Crit/High resolved within 7/30 days.
  • SOC 2 audit-ready by year end.
  • Playbook v1 within 30 days.
  • Team at 3 HC by Q3.
  • 90% quarterly audits satisfactory.

Tech Stack & Tools

SAST/SCA: SonarQube, Snyk, Dependabot, GitLab SAST

DAST: OWASP ZAP, Burp Suite

Infrastructure: AWS (IAM, GuardDuty, Security Hub), Docker, K8s

Identity: SAML, OAuth 2.0, RBAC

Compliance: Vanta/Drata

Monitoring: CloudWatch, Sentry, Mixpanel

Compensation & Growth

Reports to VP SRE. Founding security role. Path to Head of Security / CISO.

What We Offer

  • Competitive compensation and equity tied to measurable impact on AI accuracy and performance.
  • A platform to shape the semantic intelligence layer of a category-defining industrial SaaS company.
  • Access to cutting-edge AI data and observability toolchains for continuous learning and innovation.

Innovapptive does not accept and will not review unsolicited resumes from search firms.
Innovapptive is an equal opportunity employer and is committed to a diverse and inclusive workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion or creed, alienage or citizenship status, political affiliation, marital or partnership status, age, national origin, ancestry, physical or mental disability, medical condition, veteran status, gender, gender identity, pregnancy, childbirth (or related medical conditions), sex, sexual orientation, sexual and other reproductive health decisions, genetic disorder, genetic predisposition, carrier status, military status, familial status, or domestic violence victim status, and any other basis protected under federal, state, or local laws.


Required Experience:

Senior IC

About Company

Innovapptive connects frontline maintenance workers and warehouse operations with back office data from SAP and IBM Maximo EAM with easy-to-use mobile apps.
