Senior Security Analyst - GRC

7 Months ago • 4-7 Years

Job Summary

Job Description

As a Senior Security Analyst - GRC, you will be a key player in ensuring compliance with rigorous standards like ISO 27001, PCI DSS, and RBI guidelines. Your responsibilities will include planning and executing audits, maintaining security policies, assessing risks, managing third-party risk, and driving security awareness. This role requires collaboration with various teams to ensure the company's secure operations within the fintech industry.

Must have:

4-7 years in Information Security/Risk Management
Strong grasp of frameworks: ISO 27001, PCI DSS, NIST
Exposure to Indian finance regulations (RBI, SEBI, NPCI)
Strong communication and analytical skills

Good to have:

Relevant certifications preferred: CISM, CISSP, CISA
Understanding of cloud infra, SaaS environments, and security tooling

Perks:

20 days of paid time off + unlimited sick leave
Generous parental leave
Daily lunches, stocked micro kitchen, in-house gym, and Biryani Fridays
Medical + life insurance for you and your family
24x7 mental health support
Learning Stash — a fund for your upskilling and certifications
FiAspire Projects — our internal gig program to explore new roles and skills
Game rooms, Premier Leagues, and a genuinely fun work culture

5 skills required

5 skills required for this role

Add these skills to join the top 1% applicants for this job

cross-functional-collaboration

risk-management

cross-functional

saas-business-models

team-management

Job Details

Fi is a money management platform that helps people get better with their money — spend smarter, save better, and take control of their financial journey.

We’re not a bank — we’re reimagining how people interact with money. Founded by the team behind Google Pay India, we’re a Series C startup valued at $550M, backed by top-tier investors like Sequoia, Ribbit Capital, and Alpha Wave. Our mission is simple: help Indians maximise their financial potential — through thoughtful design, deep tech, and zero jargon.

Senior Security Analyst – GRC

This role sits at the intersection of regulations, real-time fintech, and secure scale. If you’re someone who enjoys digging into frameworks, translating policy into practice, and shaping how a fast-growing startup approaches trust and compliance — you’ll thrive here.

You’ll be a key part of a small, high-trust team, working directly with Engineering, DevOps, Legal, and Product to ensure Fi stays compliant with some of the most rigorous standards — ISO 27001, PCI DSS, RBI guidelines, and beyond.

We’re proud winners of the Best Digital Banking Security Practices Award – GFF 2024, and this role is central to how we earned it — and how we’ll keep raising the bar.

What you will do:

Own the planning, coordination, and execution of internal and external audits.
Maintain and review InfoSec policies, risk registers, and control implementation status.
Ensure ongoing compliance with frameworks like ISO 27001, PCI DSS, RBI, NPCI, SEBI and more.
Help assess and treat IT and third-party risk, and maintain audit-ready documentation.
Lead and streamline the vendor due diligence and TPRM (third-party risk management) process.
Collaborate cross-functionally to drive security awareness and control implementation.
Use project management skills to communicate, track, and unblock audit deliverables.

What we are looking for:

4–7 years in Information Security, Risk Management, or IT Audit roles.
Strong grasp of frameworks: ISO 27001, PCI DSS, NIST.
Exposure to Indian finance regulations (RBI, SEBI, NPCI) is a big plus.
Relevant certifications preferred: CISM, CISSP, CISA.
Bonus if you understand cloud infra, SaaS environments, and security tooling.
Independent, proactive, and great at cross-functional collaboration.
Strong communication and analytical skills.

What you get at Fi:

20 days of paid time off + unlimited sick leave
Generous parental leave
Daily lunches, stocked micro kitchen, in-house gym, and Biryani Fridays
Medical + life insurance for you and your family
24x7 mental health support
Learning Stash — a fund for your upskilling and certifications
FiAspire Projects — our internal gig program to explore new roles and skills
Game rooms, Premier Leagues, and a genuinely fun work culture

How We Work

We’re currently working from our office in Bangalore.

Once you apply, our team will reach out to schedule 3–4 rounds of interviews — to assess your domain expertise, problem-solving ability, and fit for our high-trust, high-ownership culture.

We aspire to create an inclusive culture of diverse people not just because it's the right thing to do but because heterogeneity inspires us and is more fun! We employ people solely on merit and do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, marital status, pregnancy or related condition (including breastfeeding), or any other basis protected by law.