GRC Specialist

6 Minutes ago • 3 Years +
Risk Management

Job Description

As a GRC Specialist at Truecaller, you will be a cornerstone of our security program, managing risk, driving compliance initiatives, and maturing our security governance framework. Your role is critical in ensuring regulatory obligations like GDPR and industry standards like ISO 27001 are met, strengthening user trust. You will conduct risk assessments, maintain the ISMS, coordinate audits, develop security policies, monitor controls, deliver security awareness training, contribute to business continuity, and support incident response.
Perks:
  • A smart, talented and agile team
  • Competitive salary
  • 30 days of paid vacation
  • Flexible working hours
  • Private health insurance
  • Parental leave
  • Telephone bill reimbursement
  • Udemy membership to keep learning and improving
  • Wellness allowance
  • Great tech tools (computer and phone)
  • Office-first approach with flexibility
  • Daily lunch and breakfast
  • Wide range of healthy snacks and beverages
  • Playroom for fun breaks
  • Exciting parties and team activities such as Lab days, sports meetups

Our goal is to make communication smarter, safer, and more efficient, while building trust across the world. With our roots in Sweden and a global reach, we deliver smart services that create meaningful social impact. We are committed to protecting you from fraud, harassment, scam calls, and unwanted messages, so you can focus on the conversations that matter.

  • Top 20 most downloaded apps globally, and world’s #1 caller ID and spam-blocking service for Android and iOS, with extensive AI capabilities, with more than 450 million active users per month.
  • Founded in 2009, listed on Nasdaq OMX Stockholm and is categorized as a Large Cap. Our focus on innovation, operational excellence, sustainable growth, and collaboration has resulted in consistently high profitability and strong EBITDA margins.
  • A team of 400 people from ~45 different nationalities spread across our headquarters in Stockholm and offices in Bangalore, Mumbai, Gurgaon and Tel Aviv with high ambitions.

We at Truecaller's Security Team are dedicated to building and maintaining a world-class security posture that enables trust in our products and services. We are a crucial partner to the entire organization, ensuring that as we innovate, we do so securely and in compliance with our global obligations. Our team covers the full spectrum of security, from hands-on security operations to strategic governance, risk, and compliance.

As a GRC Specialist, you will be a cornerstone of our security program, responsible for managing risk, driving compliance initiatives, and maturing our security governance framework. Your work will be critical in ensuring we meet our regulatory obligations (like GDPR) and adhere to industry standards (like ISO 27001), thereby strengthening the trust our millions of users place in us. You will work across the entire organization, translating complex security and compliance requirements into actionable policies and controls.

The impact you will create:

  • Risk Management: Conduct and support risk assessments across the organization to identify, analyze, and mitigate information security risks. This includes performing third-party risk assessments to evaluate vendor security practices and ensure they align with our standards.
  • Compliance & Audit: Help maintain and mature our Information Security Management System (ISMS), ensuring compliance with regulations and frameworks like GDPR and ISO 27001. You'll coordinate and assist with internal and external audits, collecting evidence and tracking corrective actions to completion.
  • Policy & Governance: Develop, update, and communicate information security policies, standards, and procedures, including those related to data classification and handling. You'll work to translate complex security requirements into clear, actionable guidelines for all business units.
  • Control Assurance & Monitoring: Collaborate with technical teams to ensure security controls are effectively implemented, operating as intended, and continuously monitored. Help develop and track key risk indicators (KRIs) and key performance indicators (KPIs) for the security program.
  • Training & Awareness: Develop and deliver security and data privacy awareness training and communications to employees. You'll play a key role in fostering a security-conscious culture by keeping staff informed about current threats and best practices.
  • Business Continuity & Resilience: Contribute to the governance of business continuity and disaster recovery planning, ensuring that security and compliance requirements are integrated into resilience strategies.
  • Incident Response Support: In collaboration with the Security Operations team, support the incident response process by helping to document and track security incidents, ensuring they are properly managed and that lessons learned are applied to improve our GRC program.

What you bring in:

  • 3+ years of experience in a GRC and/or Information Security role.
  • In-depth knowledge of information security principles and risk management practices.
  • Hands-on experience with at least one major information security framework such as ISO 27001, NIST, or CIS.
  • Strong understanding of data privacy regulations, particularly GDPR.
  • Knowledge of core information security domains, including Identity and Access Management (IAM), network security principles, and data protection technologies.
  • Familiarity with security controls and compliance in a major cloud platform (GCP experience is a strong plus).
  • Experience with third-party risk management processes and tools.
  • Familiarity with common application security vulnerabilities and frameworks like OWASP.

It would be great if you also have:

  • Relevant certifications such as CISA, CISM, CRISC, or CISSP.
  • Excellent analytical, documentation, and problem-solving abilities.
  • Strong communication and presentation skills, with the ability to explain complex security concepts to both technical and non-technical audiences.

Life at Truecaller - Behind the code: https://www.instagram.com/lifeattruecaller/

Sounds like your dream job?

We will fill the position as soon as we find the right candidate, so please send your application as soon as possible. As part of the recruitment process, we will conduct a background check.

This position is based in Bangalore, India.

We only accept applications in English.

What we offer:

  • A smart, talented and agile team: An international team where ~35 nationalities are working together in several locations and time zones with a learning, sharing and fun environment.
  • A great compensation package: Competitive salary, 30 days of paid vacation, flexible working hours, private health insurance, parental leave, telephone bill reimbursement, Udemy membership to keep learning and improving and Wellness allowance.
  • Great tech tools: Pick the computer and phone that you fancy the most within our budget ranges.
  • Office life: We strongly believe in in-person collaboration and follow an office-first approach while offering some flexibility. Enjoy your days with great colleagues with loads of good stuff to learn from, daily lunch and breakfast and a wide range of healthy snacks and beverages. In addition, every now and then check out the playroom for a fun break or join our exciting parties and/or team activities such as Lab days, sports meetups etc. There is something for everyone!

Come as you are:

Truecaller is diverse, equal and inclusive. We need a wide variety of backgrounds, perspectives, beliefs and experiences in order to keep building our great products. No matter where you are based, which language you speak, your accent, race, religion, color, nationality, gender, sexual orientation, age, marital status, etc., all those things make you who you are, and that’s why we would love to meet you.
