Vendor Risk Management and GRC

Who are we

Founded in 2014 by Khadim Batti and Vara Kumar, Whatfix is a leading global B2B SaaS provider and the largest pure-play enterprise digital adoption platform (DAP). Whatfix empowers companies to maximize the ROI of their digital investments across the application lifecycle, from ideation to training to the deployment of software. Driving user productivity, ensuring process compliance, and improving user experience of internal and customer-facing applications.

Whatfix has seven offices across the US, India, UK, Germany, Singapore, and Australia and a presence across 40+ countries.

Customers: 700+ enterprise customers, including over 80 Fortune 500 companies such as Shell, Microsoft, Schneider Electric, and UPS Supply Chain Solutions.

Investors: Raised a total of ~$270 million. Most recently Series E round of $125 Million led by Warburg Pincus with participation from existing investor SoftBank Vision Fund 2. Other investors include Cisco Investments, Eight Roads Ventures (A division of Fidelity Investments), Dragoneer Investments, Peak XV Partners, and Stellaris Venture Partners.

• With over 45% YoY sustainable annual recurring revenue (ARR) growth, Whatfix is among the Top 50 Indian Software Companies as per G2 Best Software Awards.
• Recognized as a Leader in the digital adoption platforms (DAP) category for the past 4+ years by leading analyst firms like Gartner, Forrester, IDC, and Everest Group.
• The only vendor recognized as a Customers Choice in the 2024 Gartner Voice of the Customer for Digital Adoption Platforms has once again earned the Customers Choice distinction in 2025. 4.5 on Gartner Peer Insights, and a high CSAT of 99.8%
• Highest-Ranking DAP on 2023 Deloitte Technology Fast 500 North America for Fourth Consecutive Year
• Only DAP to be among the top 35% companies worldwide in sustainability excellence with EcoVadis Bronze Medal

Role Summary:

Manage daily compliance tasks, ensure continuity of compliance run-books and SOPs, follow up with stakeholders, and manage compliance trackers.

Conduct vendor assessments, review vendor-provided evidence and artefacts, follow up with vendors, and manage vendor management trackers and SOPs.

RolesResposblities:

• Support the preparation, coordination, and documentation of compliance audits (e.g., ISO 27001, SOC 2, ISO 27701, etc.) by gathering and managing audit evidence, managing audit trackers, etc.

• Manage periodic updates of Information security policies in terms of annual updates, maintenance, etc.

• Assist in the development and delivery of security awareness training materials and campaigns to educate employees on security policies, procedures, and best practices.

• Research emerging trends, threats, and technologies in information security, GRC, and related areas, and assist in analyzing their potential impact on the organization.

• Assist in conducting risk assessments and due diligence activities on third-party vendors and suppliers to evaluate their security controls, practices, and compliance with contractual requirements.

• Aid in identifying and analyzing potential risks associated with third-party relationships, including data security, privacy and compliance risks.

• Monitor the Vendor Assessment tool continuously and ensure that the vendor and assessment records are appropriate at all times

• Maintain a track of all vendors due to periodic risk assessments and assist in conducting the periodic assessments

• Assist in maintaining accurate and up-to-date documentation of third-party risk assessments, findings, and remediation activities, and prepare reports for management and stakeholders as needed.

• Contribute to the development and enhancement of third-party risk management policies, procedures, and guidelines to ensure alignment with industry best practices and regulatory requirements.
  
  Functional Competencies

  • Entry-level understanding of at least 3 of the following areas viz. Regulatory and Compliance requirements; implementation knowledge in risk management, policy development, security controls implementation, incident response, technical proficiency, vendor management, monitoring and reporting, collaboration, and continuous improvement.

  • Fair understanding in Vendor Management, Risk Management, Facilitation, Communication Skills, Collaboration, Due Diligence and Compliance