Head of Platform Security & Compliance
The Head of Platform Security & Compliance is responsible for leading platform security, compliance readiness, audit documentation, control evidence, and secure delivery practices across Digital & Transformation. This role reports directly to the VP, Platform Engineering and operates as a cross-functional leader supporting engineering, implementation, reliability, product, and architecture teams.
This role sits within the Digital & Transformation organization, helping to advance how DNV performs Due Diligence, Verification & Assurance, and Renewables Certification work across Energy Systems.
Working in close partnership with Product leadership, Platform Reliability, Application Engineering, Data & AI Engineering, Solution Engineering, Solution Architecture, Security, Legal, and Global Shared Services teams, this role ensures Digital & Transformation aligns with internal security baselines, SOC 2 Type II, ISO 27001, responsible AI expectations, and other applicable assurance requirements.
The Head of Platform Security & Compliance supports a multi-cloud platform environment across Azure, AWS, custom software, data and AI capabilities, and low-code or hybrid development environments. This role helps teams translate security and compliance expectations into practical controls, secure delivery practices, evidence collection, documentation, and repeatable operating procedures.
This role plays a key part in making security and compliance operational, practical, and auditable across platform delivery. The position is responsible for helping teams understand what must be controlled, what must be documented, what evidence must be maintained, and how secure practices can be embedded into day-to-day software delivery without creating unnecessary friction.
**This role is based at our DNV office in Chennai, India. Further details regarding role-specific requirements will be shared during the interview process.**
Key Responsibilities
Platform Security & Compliance Leadership
- Lead platform security and compliance activities across engineering, implementation, reliability, and operations teams.
- Translate security baselines, audit requirements, internal controls, and assurance expectations into practical delivery practices.
- Establish clear ownership, accountability, and documentation discipline for platform security and compliance activities.
- Coordinate evidence gathering, control mapping, and audit readiness for SOC 2 Type II, ISO 27001, internal security reviews, and other applicable assurance activities.
- Ensure platform teams maintain documentation needed for audits, attestations, customer assurance requests, and internal security reviews.
- Act as a practical bridge between engineering teams and enterprise security, legal, risk, and compliance stakeholders.
Secure Software Delivery & Engineering Practices
- Embed secure development practices into software delivery, platform implementation, and operational workflows.
- Partner with Application Engineering, Data & AI Engineering, Solution Engineering, and Platform Reliability to define security expectations for design, development, testing, deployment, and production support.
- Support secure coding, code review, access control, vulnerability management, dependency management, secrets management, logging, monitoring, and incident readiness practices.
- Help teams identify security and compliance risks early in the delivery lifecycle and define pragmatic remediation plans.
- Promote repeatable secure delivery patterns that can be adopted across custom software, APIs, data services, AI-enabled features, and low-code or hybrid platform implementations.
Audit Readiness, Evidence & Control Documentation
- Maintain practical documentation for controls, procedures, evidence, system ownership, access models, data flows, and security-related delivery practices.
- Coordinate audit evidence collection across globally distributed teams and ensure evidence is accurate, current, and traceable.
- Support control design and control operation activities for SOC 2 Type II, ISO 27001, and internal security requirements.
- Partner with platform and engineering teams to maintain evidence for CI/CD, change management, access reviews, incident management, vulnerability management, logging, backup, availability, and secure development practices.
- Improve repeatability and reduce audit burden by creating templates, evidence standards, documentation patterns, and clear operating procedures.
Modern Development, AI & Responsible Engineering
- Support secure adoption of AI-assisted development practices across engineering and implementation teams.
- Define practical expectations for use of LLM-enabled tools, including data handling, prompt and output review, code review, auditability, intellectual property considerations, and secure coding expectations.
- Partner with Data & AI Engineering, Product, Security, Legal, and Global Shared Services teams to support responsible AI practices for AI-enabled platform capabilities.
- Ensure security and compliance fundamentals remain central as teams increase delivery velocity through AI-enabled development workflows.
- Help establish evidence and documentation practices for AI-enabled features, AI-assisted development, model usage, prompt management, and production AI behaviors where applicable.
Architecture, Cloud Platforms & Interoperability
- Review platform architecture, integration patterns, identity models, access controls, data flows, and deployment models from a security and compliance perspective.
- Promote reusable security patterns, shared control documentation, and consistent data protection standards across platform services.
- Guide security considerations across Azure, AWS, custom software, APIs, data services, AI-enabled capabilities, and low-code or hybrid development environments.
- Partner with Solution Architecture and Platform Reliability to ensure security and compliance requirements are reflected in architecture decisions and operational practices.
- Support secure interoperability across applications, platform services, enterprise systems, data flows, authentication models, and customer-facing delivery workflows.
Risk Management, Governance & Stakeholder Coordination
- Identify, document, and communicate platform security and compliance risks in a clear, actionable way.
- Track remediation actions, control gaps, audit findings, and security improvements through resolution.
- Partner with Security, Legal, Global Shared Services, Product, and engineering leaders to clarify ownership and ensure alignment with enterprise policies.
- Support customer assurance, internal governance, and compliance-related requests by coordinating accurate and timely platform security information.
- Promote a culture where security, compliance, and auditability are treated as practical delivery responsibilities rather than separate after-the-fact activities.
- Bachelor's or Master's degree in Computer Science, Information Security, Engineering, Information Systems, or related field, or equivalent experience.
- 6+ years of experience in security, compliance, risk management, audit readiness, secure software delivery, platform engineering, cloud security, or related technical roles.
- Experience supporting SOC 2 Type II, ISO 27001, internal security reviews, or comparable security and compliance frameworks.
- Strong understanding of secure development practices, cloud security, identity and access management, logging, monitoring, vulnerability management, dependency management, secrets management, and audit evidence.
- Experience working with engineering, DevOps or platform reliability, product, architecture, legal, security, and compliance stakeholders.
- Experience supporting security and compliance activities in Azure, AWS, or comparable cloud environments.
- Experience maintaining documentation, evidence, controls, procedures, or audit artifacts across technical teams.
- Ability to translate security and compliance expectations into practical engineering and delivery practices.
- Excellent English communication, documentation, coordination, and stakeholder management skills.
- Ability to work effectively across globally distributed teams in a matrixed environment.
What is Preferred
- Experience in product-led or platform-based organizations.
- Familiarity with low-code or hybrid development environments.
- Experience supporting interoperability across multiple systems or enterprise platforms.
- Background in energy, infrastructure, renewables, assurance, certification, or other technically complex industries.
- Experience managing audit evidence and compliance documentation across globally distributed teams.
- Relevant certifications such as CISSP, CISM, CISA, CCSP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, AWS Security Specialty, Azure Security Engineer, or comparable credentials.
- Flexible work arrangements for better work-life balance
- Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave)
- Medical benefits ( Insurance and Annual Health Check-up)
- Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance)
- Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme)
- Additional Benefits (Long Service Awards, Mobile Phone Reimbursement)
- Company bonus/Profit share.
*Benefits may vary based on position, tenure/contract/grade level*
DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity.