Principal Information Security - GRC
IND - KA - Bangalore - Outer Ring Road, India
First Citizens Bank
FC Global Services India LLP (First Citizens India), a part of First Citizens BancShares, Inc., a top 20 U.S. financial institution, is a global capability center (GCC) based in Bengaluru. Our India-based teams benefit from the company’s over 125-year legacy of strength and stability. First Citizens India is responsible for delivering value and managing risks for our lines of business. We are particularly proud of our strong, relationship-driven culture and our long-term approach, which are deeply ingrained in our talented workforce. This is evident across all key areas of our operations, including Technology, Enterprise Operations, Finance, Cybersecurity, Risk Management, and Credit Administration. We are seeking talented individuals to join us in our mission of providing solutions fit for our clients’ greatest ambitions.
Job Description:
Value Proposition
We are seeking a dynamic and experienced Cyber Governance, Risk & Controls (GRC) Risk Assessment and Reg Compliance lead to serve as a strategic partner to our US counterparts. This role will be instrumental in shaping, executing, and maturing our cyber risk programs while ensuring operational excellence and alignment to enterprise objectives. The ideal candidate is a strategic thought leader with a deep understanding of governance and documentation standards, cyber technical ability, and regulatory frameworks.
Job Details
Position Title: Principal Information Security
Career Level: P4
Job Category: Assistant Vice President
Role Type: Hybrid
Job Location: Bangalore
About the Team:
The Cyber Governance, Risk & Controls (GRC) team is a community of dedicated professionals committed to safeguarding our organization’s information security. Our values of inclusivity, transparency, and excellence drive everything we do.
Impact (Job Summary/Why this Role Matters)
This is a high-impact role offering the opportunity to shape the future of our cyber risk landscape while enabling critical business functions across the globe. You will join a passionate, values-driven team committed to collaboration, innovation, and excellence in execution.
Key Deliverables (Duties and Responsibilities)
- Design, build, and pilot a targeted cyber risk assessment program to proactively identify, measure, and address emerging risks.
- Elevate the quality, clarity, and consistency of policy, standard, and procedure documentation in alignment with corporate governance frameworks.
- Drive corporate and industry regulatory mapping to ensure full traceability and compliance across frameworks (e.g., NIST, ISO, FFIEC, RBI).
- Execute regulatory compliance initiatives, including: performing change management impact assessments for new or modified cyber-related regulations and developing remediation plans, as required; tracking remediation plans through closure while liaising with the business and Compliance; conducting mapping exercises from regulations to controls, regulations to standards, regulations to assessments, etc.; and synthesizing recent updates in regulatory compliance initiatives into executive reporting.
- Conduct comprehensive end-to-end cyber risk assessments across compliance, technical, and operational areas, factoring in industry best practices; identify and escalate risks and clearly document outcomes while effectively engaging with key stakeholders.
- Evaluate the effectiveness of controls, identify gaps, assess risk impact, and recommend appropriate mitigation strategies aligned with internal standards and industry best practices.
Skills and Qualification (Functional and Technical Skills)
Functional Skills:
- Strategic mindset with the ability to see the big picture while delivering tactical outcomes.
- Deep knowledge of cybersecurity risk, controls, policy, and documentation standards within a highly regulated environment.
- Expertise in building forward-looking, resilient, and scalable programs grounded in market awareness and business alignment.
- Strong leadership presence with a passion for developing talent, building inclusive teams, and driving organizational growth.
- Demonstrate strong technical aptitude across a broad range of cyber domains, including but not limited to, encryption, IAM, cloud security, network security, and vulnerability management.
Technical/Business Skills:
- Bachelor’s degree in Information Security, Risk Management, Business Administration, or related field; Master’s degree preferred.
- Minimum 12 years of experience in cybersecurity, governance, risk, or compliance and project/program management with good leadership skills.
- Experience in the financial services sector strongly preferred.
- Strong working knowledge of key regulatory frameworks and standards, including NIST, ISO 27001, RBI, FFIEC, with the ability to interpret, apply, and align them to risk management efforts.
- Proven ability to analyze, report, and communicate complex risks and data to senior leadership and executive stakeholders.
- Hold relevant security certifications such as CISSP, CISM, or equivalent.
Accessibility Needs
We are committed to providing an inclusive and accessible hiring process. If you require accommodations at any stage (e.g. application, interviews, onboarding) please let us know, and we will work with you to ensure a seamless experience.
Equal Employment Opportunity
FC Global Services India LLP (First Citizens India) is an Equal Employment Opportunity Employer. We are committed to fostering an inclusive and accessible environment and prohibit all forms of discrimination on the basis of gender, religion, caste, disability, sexual orientation, economic status or any other characteristics protected by the law. We strive to foster a safe and respectful environment in which all individuals are treated with respect and dignity. Our EEO policy ensures fairness throughout the employee life cycle.