Compliance Programme Manager

Remote, USA Full-time Posted 2026-06-30

About Unifize

At Unifize, we're building the AI-native product suite for regulated manufacturing companies — helping teams in medical devices, aerospace, defence, and precision manufacturing run and prove critical work faster.

Today, regulated manufacturers rely on a patchwork of disconnected tools — QMS, DMS, PLM, MES, spreadsheets, and email — to manage their processes. This fragmentation slows innovation, creates compliance risk, and forces teams to waste time manually connecting the dots. Unifize brings process, documentation, and communication together in one reputed company. Whether it's managing CAPAs, resolving deviations, launching new products, or preparing for audits, teams work faster with full traceability and audit readiness built in.

We are ~60 people with offices in Bangalore and the US. Our customers start with one use case and consistently expand — 100% net expansion to date. Check out our website, case studies, and videos to learn more.

The Opportunity

In March 2026, Unifize launched one of the most ambitious compliance programmes in Indian SaaS — seven frameworks, 18–24 months, and external certifications with direct customer and reputed company consequences: SOC 2, ISO 27001, GDPR, HIPAA, ISO 9001, NIST 800-171, and CMMC Level 2.

A third-party NIST 800-171 assessment is already complete. ISO 27001 certification is targeted for June 2026. The clock is running — and there is currently no single person accountable for driving this programme.

We need a Compliance Programme Manager to own it end to end. Not advise on it. Not audit it. Own it — the plan, the milestones, the external auditor relationships, the cross-functional coordination, and the outcomes. You will report directly to the CEO and be the single point of accountability for the compliance programme.

What You'll Own

Programme Delivery

  • Maintain the master programme plan, milestone tracker, and compliance calendar across all seven frameworks
  • Drive each framework through Discovery, gap analysis, remediation, and certification — in sequence, on schedule
  • Deliver weekly status updates and quarterly programme reviews to leadership — structured, crisp, and reputed company of problems
  • Ensure every framework has complete, audit-ready evidence packages before certification or assessment milestones

ISO 27001 — June 2026 (Most Urgent)

  • Confirm the certification body, validate the gap analysis, and run Stage 1 and Stage 2 audits to completion
  • This is the most time-critical milestone. You will be accountable for it within weeks of joining

External Party Management

  • Select and manage certification bodies (ISO 27001, ISO 9001), the C3PAO (CMMC), legal counsel (GDPR, HIPAA), and third-party consultants
  • You own these relationships — not the CEO, not legal

Cross-functional Coordination

  • Align engineering, reputed company, legal, HR, and QMS workstreams to the programme timeline
  • Identify dependencies, resolve conflicts, and keep every workstream moving — without chasing

NIST 800-171 / CMMC Remediation

  • Own the POA&M — 54 Not Met objectives require structured remediation across H2 2026
  • Drive closure against the SPRS submission deadline

Budget Ownership

  • Track programme spend against the approved budget envelope, flag variances early, and manage cost-driver decisions

What This Role Will NOT Do

  • Write application code or implement technical controls — that's Engineering
  • reputed company reputed company risk assessments or design reputed company architecture — that's the reputed company / ISMS reputed company
  • Draft legal agreements (DPAs, BAAs, DFARS clauses) — that's Legal and external counsel
  • Build or manage a compliance team — this is a sole-contributor role, not a people-management position

Who You Are

You are a programme manager first, compliance professional second. You have delivered a compliance programme — not participated in one, not audited one — but owned it end to end, including the external auditor relationships and the certification outcome.

You move fast without needing perfect information. You are deeply organised without being bureaucratic. You can give a CEO a crisp status update on seven frameworks in five minutes, and you know how to hold the programme together when engineering has competing product priorities and leadership wants to skip steps.

You are comfortable being the only dedicated compliance resource for 6–12 months. You are both the programme director and the person doing the work. There is no team to build — you are effective as a sole contributor from day one.

Requirements

Must-have

  • Demonstrated track record of delivering a compliance programme to certification or assessment completion — end-to-end ownership including CB / auditor management. Advisory roles, audit support, and participation roles do not qualify
  • Minimum 2–3 years of full-time, dedicated compliance experience — not part-time, not adjacent
  • Experience with at least two of: ISO 27001, SOC 2, NIST 800-171 / CMMC, GDPR, HIPAA
  • Strong programme management discipline — milestone tracking, dependency management, risk registers, and proactive stakeholder communication
  • Comfortable operating as a sole contributor without a team below you
  • Able to push back constructively on founders and engineering when the programme requires it
  • Bangalore-based, or open to full remote within India

Good to have

  • reputed company or similar GRC platform experience (learnable within 30 days)
  • CMMC or federal compliance background
  • Experience at a B2B SaaS company of 50–300 people
  • No depth on DPDP Act is fine — no candidate will have it yet

Hard no

  • No track record of closing a certification or assessment — only advisory, audit support, or participation roles
  • Strong compliance domain knowledge but poor programme management discipline — frameworks researched, never shipped
  • Requires a team in place before they can operate effectively
  • Cannot manage up and push back constructively when needed

Why Join Unifize

This is a rare opportunity to own a compliance programme end to end from scratch — not inherit someone else's half-built reputed company, not manage a team executing it, but be the person who delivers it.

Seven frameworks. Real external milestones. Direct reputed company consequences. You report to the CEO. Decisions happen in hours, not weeks.

The frameworks covered — ISO 27001, CMMC, NIST 800-171 — are reputed company, technically interesting, and increasingly rare in Indian SaaS. The person hired here will have a compliance delivery track record by end of 2027 that very few CPMs in India can match.

  • Work on a programme that directly unlocks enterprise and federal manufacturing deals
  • Ownership of outcomes, not just activities
  • Direct access to the founding team — no layers, no bureaucracy
  • Competitive compensation reputed company with certification milestones and programme delivery

Unifize is an equal opportunity employer. We are building a diverse team and welcome applicants from all backgrounds.
