Senior Consultant: Trust Assurance

Build the function

• Create delivery operating model: intake, scoping, SOWs, QA, SLAs, change control, and reporting.
• Build reusable IP: templates, playbooks, mapping libraries, workshop agendas, and QA rubrics.
• Hire and lead a team of specialists; build service-line pods over time.

Deliver and scale service lines (phased)

• Phase 1: framework digitisation & control/check mapping inside Sprinto.
• Phase 2: packaged services for risk assessment, privacy (DPIA), policy review, internal audits,                                  and audit readiness support.
• Phase 3: scale into security assurance programs and partner-led offerings (e.g., VAPT program management, vendor governance, QA, and customer outcomes).

Own commercial outcomes

• Define service packaging and pricing models (fixed-fee tiers, retainer options where relevant).
• Own utilization, margins, capacity planning, delivery forecasting, and predictable throughput.
• Partner with Sales/SE/CS to attach services appropriately and improve enterprise deal conversion + retention.
  
  

AI-enabled service productisation

• Create “AI-assisted playbooks” for repeatable services (DPIA, risk assessment, policy review, internal audit checklists).
• Build structured input forms/checklists that juniors can fill out, enabling consistent output.
• Define QA guardrails (mandatory source inputs, validation steps, human approval gates).
• Maintain an internal library of prompts/templates and continuously improve them based on audit/customer feedback.

Ensure quality and manage risk

• Establish acceptance criteria and review mechanisms for deliverables.
• Define boundaries and disclaimers to avoid uncontrolled liability.
• Build partner qualification standards and a QA framework for third-party-delivered services.
  
  

Experience

• 3–6+ years in GRC/security consulting, audit/advisory, or building managed compliance programs.
• Demonstrated experience building/scaling a services practice or delivery org (0→1 to repeatable).
• Strong experience with enterprise customers and multi-stakeholder delivery.

Domain mastery

• ISO 27001, SOC 2, GDPR; strong risk assessment experience.
• Privacy assessments (DPIA) hands-on.
• Comfort with complex frameworks like FedRamp, HITRUST, NIST family and regional regulations

Proficiency in building AI-enabled workflows

• Demonstrated ability to use AI tools (e.g., ChatGPT-style workflows) to reduce manual effort and standardize deliverables.
• Ability to translate domain expertise into reusable templates and guided systems.
• Strong judgment around accuracy, confidentiality, and review requirements.

Operator strengths

• Ability to productize services (packages, deliverables, QA, SLAs).
• Strong commercial ownership: pricing, margins, capacity planning.
• Excellent written communication and workshop leadership.
• Strong decision-making in ambiguity, without scope creep.
  
  

Preferred

• Prior leadership of multi-service GRC offerings (risk, privacy, internal audits, readiness).
• Experience in auditing and implementing GRC frameworks
• Certifications (good to have): ISO 27001 LA/LI, CISA, CISM, CISSP or  PCI QSA.
  
  

Success metrics

• Services revenue growth trajectory toward the long-term contribution target.
• Delivery cycle time, rework rate, QA pass rate, customer satisfaction.
• Utilisation and gross margin improvement via reuse and standardisation.
• Attach rate (services + product), deal unblock impact, retention uplift.