Senior Security Analyst - GRC
Bangalore
About Fi-Money [EpiFi Technologies]
Who we are: Simply put, a FinTech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure hub, a savings account that allows you to consolidate your finances in a single intuitive view.Who we are looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth. Our office is not just fun, it is human, nimble and business-like.With rich experience in the world's leading tech companies and banks, we deeply and equally understand both the fin- and - tech- in fintech. Funded by leading global VCs, we’re in pursuit of a fantastic experience for both our consumers and colleagues.
What this role is about:
The Senior Security Analyst - GRC is responsible for ensuring that the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001, and PCI DSS.This role includes auditing and maintaining evidence required for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industry's best practices.You will foster an information security culture within the company and help assess IT controls, conduct risk assessments for a variety of information assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls to achieve compliance.
We are currently functioning from office in Bangalore.
We aspire to create an inclusive culture of diverse people not just because it's the right thing to do but because heterogeneity inspires us and is more fun! We employ people solely on merit and do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, marital status, pregnancy or related condition (including breastfeeding), or any other basis protected by law.
Who we are: Simply put, a FinTech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure hub, a savings account that allows you to consolidate your finances in a single intuitive view.Who we are looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth. Our office is not just fun, it is human, nimble and business-like.With rich experience in the world's leading tech companies and banks, we deeply and equally understand both the fin- and - tech- in fintech. Funded by leading global VCs, we’re in pursuit of a fantastic experience for both our consumers and colleagues.
What this role is about:
The Senior Security Analyst - GRC is responsible for ensuring that the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001, and PCI DSS.This role includes auditing and maintaining evidence required for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industry's best practices.You will foster an information security culture within the company and help assess IT controls, conduct risk assessments for a variety of information assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls to achieve compliance.
Responsibilities:
- Lead the planning, execution, and coordination of internal and external audits.
- Evaluate existing policies, procedures, and controls to ensure compliance with applicable laws, regulations, and industry standards.
- Assessing risk and compliance status against Information Security policies, proposing controls for risk remediation, and tracking the implementation status of controls.
- Ensure compliance with laws, regulations, and industry standards, and compliance programs like ISO 27001, PCI DSS, and various guidelines from RBI, NPCI, SEBI, etc.
- Support vendor due diligence process and help the third-party risk management efforts.
- Develop, implement, and monitor information security policies and procedures.
- Responsible for maintaining an IT Risk Register and collaborating with stakeholders for risk management.
- Basic understanding of cloud infrastructure and controls.
- Maintaining evidence required for external audits.
- Using project management techniques for planning, anticipating roadblocks, and stakeholder communication.
- Provide guidance and support to teams across the organisation on security best practices.
Requirements:
- 4 - 7 years of experience in Information Security, Risk Management, or IT audit.
- Strong understanding of security frameworks and standards (e.g., ISO 27001, PCI DSS, NIST).
- Knowledge of finance (Govt. ) Regulation & RBI Guidelines in India is a plus.
- Certification in information security management (e.g., CISM, CISSP, CISA) is preferable.
- Ability to work independently and productively without constant supervision.
- Critical thinking and analytical ability.
- Excellent verbal and written communication skills.
We are currently functioning from office in Bangalore.
We aspire to create an inclusive culture of diverse people not just because it's the right thing to do but because heterogeneity inspires us and is more fun! We employ people solely on merit and do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, marital status, pregnancy or related condition (including breastfeeding), or any other basis protected by law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Analyst Jobs
Compliance Jobs
Tags: Audits CISA CISM CISSP Cloud Compliance Finance FinTech ISO 27001 Monitoring NIST PCI DSS Risk assessment Risk management
Perks/benefits: Startup environment
Region:
Asia/Pacific
Country:
India
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Penetration Tester jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsInformation System Security Officer jobsSenior Cyber Security Engineer jobsPrincipal Security Engineer jobsSenior Network Security Engineer jobsCloud Security Architect jobsSecurity Consultant jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSenior Information Security Analyst jobsSecurity Specialist jobsIT Security Engineer jobsCyber Security Specialist jobsSecurity Operations Analyst jobsThreat Intelligence Analyst jobsCyber Security Architect jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobs
CI/CD jobsRMF jobsEncryption jobsSDLC jobsMalware jobsSQL jobsIPS jobsGDPR jobsForensics jobsIDS jobsEDR jobsSplunk jobsTop Secret jobsFinance jobsDoDD 8570 jobsBash jobsITIL jobsCompTIA jobsOWASP jobsTerraform jobsCRISC jobsUNIX jobsIntrusion detection jobsGIAC jobsTCP/IP jobs
Docker jobsSANS jobsData Analytics jobsActive Directory jobsThreat detection jobsBanking jobsCCSP jobsPolygraph jobsClearance Required jobsOSCP jobsAnsible jobsIT infrastructure jobsVPN jobsOracle jobsSOAR jobsSOX jobsJavaScript jobsSOC 2 jobsSecurity strategy jobsDNS jobsCyber defense jobsJira jobsArtificial Intelligence jobsSAP jobsGCIH jobs