Security Lead (GRC & AppSec)

Hyderabad, Telangana, India
Full Time
Product Engineering
Experienced

Location: Hyderabad, India
Employment Type: Full-Time; Salaried
Compensation: Base Salary, Bonus, Stock Options, Medical

About Innovapptive

Innovapptive is an enterprise SaaS company building an AI-powered Connected Worker Platform for industrial organizations. Our platform connects frontline workers, back-office systems, and assets in real-time to drive safety, reliability, and operational productivity.

Leading global enterprises, including Shell, Hess, Westlake Chemical, Kimberly-Clark, Scott Miracle-Gro, and Newmont Mining, rely on Innovapptive to transform how work gets done across plants and field operations.

Our customers have achieved $50M+ EBITDA savings at a single enterprise, 10× improvement in frontline productivity, and 15–20% reductions in maintenance costs.

Innovapptive is recognized as a Leader in Frost & Sullivan's “Frost Radar 2025 - Augmented Connected Worker Platforms”, with acknowledgments from Gartner and LNS Research, and is backed by Vista Equity Partners and Tiger Global Management.

With headquarters in Houston and an engineering center in Hyderabad, we have 300+ employees across the U.S., India, and ANZ and are on a strong trajectory toward $100M ARR.

Why This Role Exists

Innovapptive has zero security engineering today. 59 enterprise customers across regulated industries. Customers asking for SOC 2 compliance, pen test reports, security posture documentation. We have none.

You are the founding security hire. Build Security & Compliance from scratch: GRC, AppSec pipeline, vulnerability management, security culture. Hire and lead a 3-person team.

What You Own

  • Security program from zero: GRC framework, risk register, policies, vendor assessments.
  • SOC 2 Type II readiness.
  • AppSec pipeline: SAST/SCA in CI/CD. 100% repo coverage.
  • Vulnerability management: ≥95% Crit/High resolved within 7/30 days.
  • Security review for high-risk changes.
  • Incident response playbook.
  • Security awareness and training.
  • Team building: AppSec Engineer now, Infra/Cloud in Q3.

You Must Have

  • 6+ years information security with 2+ years leading programs.
  • GRC: SOC 2, ISO 27001. Audit coordination.
  • AppSec: SAST/DAST/SCA, OWASP Top 10, threat modeling.
  • Security tooling in CI/CD.
  • Communicate risk in business terms.
  • Building security from zero in growth-stage SaaS.

Nice to Have

  • CISSP, CISM, CEH, or AWS Security Specialty.
  • Regulated industries (energy, utilities, manufacturing).
  • SAP security patterns.
  • PenTest experience.
  • AI/ML security.

You Will Be Measured On

  • SAST/SCA 100% repos within 60 days.
  • ≥95% Crit/High resolved within 7/30 days.
  • SOC 2 audit-ready by year end.
  • Playbook v1 within 30 days.
  • Team at 3 HC by Q3.
  • ≥90% quarterly audits satisfactory.

Tech Stack & Tools

SAST/SCA: SonarQube, Snyk, Dependabot, GitLab SAST

DAST: OWASP ZAP, Burp Suite

Infrastructure: AWS (IAM, GuardDuty, Security Hub), Docker, K8s

Identity: SAML, OAuth 2.0, RBAC

Compliance: Vanta/Drata

Monitoring: CloudWatch, Sentry, Mixpanel

Compensation & Growth

Reports to VP SRE. Founding security role. Path to Head of Security / CISO.

 

What We Offer

  • Competitive compensation and equity tied to measurable impact on AI accuracy and performance.
  • A platform to shape the semantic intelligence layer of a category-defining industrial SaaS company.
  • Access to cutting-edge AI, data, and observability toolchains for continuous learning and innovation.
 

Innovapptive does not accept and will not review unsolicited resumes from search firms.
Innovapptive is an equal opportunity employer and is committed to a diverse and inclusive workplace. Qualified applicants will receive consideration for employment without regard to race, color, religion or creed, alienage or citizenship status, political affiliation, marital or partnership status, age, national origin, ancestry, physical or mental disability, medical condition, veteran status, gender, gender identity, pregnancy, childbirth (or related medical conditions), sex, sexual orientation, sexual and other reproductive health decisions, genetic disorder, genetic predisposition, carrier status, military status, familial status, or domestic violence victim status and any other basis protected under federal, state, or local laws.
