Senior Security Analyst - GRC

7 Months ago • 4-7 Years

Job Summary

Job Description

The Senior Security Analyst - GRC is responsible for ensuring the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001 and PCI DSS. This role involves auditing and maintaining evidence for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on industry best practices. The analyst will also foster an information security culture, assess IT controls, conduct risk assessments, collaborate on risk treatment decisions, and assist in implementing and monitoring controls to achieve compliance. Responsibilities include leading audits, evaluating policies, assessing risk, ensuring compliance, supporting vendor due diligence, developing and monitoring policies, maintaining an IT Risk Register, understanding cloud infrastructure controls, and providing guidance on security best practices.

Must have:

4-7 years of experience in Information Security or IT audit
Strong understanding of security frameworks (ISO 27001, PCI DSS, NIST)
Ability to work independently without constant supervision
Critical thinking and analytical ability
Excellent verbal and written communication skills

Good to have:

Knowledge of finance regulation & RBI Guidelines in India
Certification in information security management (CISM, CISSP, CISA)

3 skills required

3 skills required for this role

Add these skills to join the top 1% applicants for this job

communication

internal-audit

risk-management

Job Details

About Fi-Money [EpiFi Technologies]

Who we are: Simply put, a FinTech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure hub, a savings account that allows you to consolidate your finances in a single intuitive view.Who we are looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth. Our office is not just fun, it is human, nimble and business-like.With rich experience in the world's leading tech companies and banks, we deeply and equally understand both the fin- and - tech- in fintech. Funded by leading global VCs, we’re in pursuit of a fantastic experience for both our consumers and colleagues.

What this role is about:

The Senior Security Analyst - GRC is responsible for ensuring that the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001, and PCI DSS.This role includes auditing and maintaining evidence required for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industry's best practices.You will foster an information security culture within the company and help assess IT controls, conduct risk assessments for a variety of information assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls to achieve compliance.

Responsibilities:

Lead the planning, execution, and coordination of internal and external audits.
Evaluate existing policies, procedures, and controls to ensure compliance with applicable laws, regulations, and industry standards.
Assessing risk and compliance status against Information Security policies, proposing controls for risk remediation, and tracking the implementation status of controls.
Ensure compliance with laws, regulations, and industry standards, and compliance programs like ISO 27001, PCI DSS, and various guidelines from RBI, NPCI, SEBI, etc.
Support vendor due diligence process and help the third-party risk management efforts.
Develop, implement, and monitor information security policies and procedures.
Responsible for maintaining an IT Risk Register and collaborating with stakeholders for risk management.
Basic understanding of cloud infrastructure and controls.
Maintaining evidence required for external audits.
Using project management techniques for planning, anticipating roadblocks, and stakeholder communication.
Provide guidance and support to teams across the organisation on security best practices.

Requirements:

4 - 7 years of experience in Information Security, Risk Management, or IT audit.
Strong understanding of security frameworks and standards (e.g., ISO 27001, PCI DSS, NIST).
Knowledge of finance (Govt. ) Regulation & RBI Guidelines in India is a plus.
Certification in information security management (e.g., CISM, CISSP, CISA) is preferable.
Ability to work independently and productively without constant supervision.
Critical thinking and analytical ability.
Excellent verbal and written communication skills.

Selection Process : Once you apply via the career page, we will reach out and reach out to schedule 3-4 rounds of video interviews with leadership & key stakeholders. In addition to assessing your technical/coding experience, expect at least 3 rounds to assess your communication & articulation ability, general aptitude, attitude and cultural fitment.

We are currently functioning from office in Bangalore.

We aspire to create an inclusive culture of diverse people not just because it's the right thing to do but because heterogeneity inspires us and is more fun! We employ people solely on merit and do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, marital status, pregnancy or related condition (including breastfeeding), or any other basis protected by law.