Senior Security GRC Analyst
Experience: 4–5 years
Industry: Fintech (Payments, Cards, Lending, UPI)

Role Overview

We are looking for a hands-on Security GRC professional to own our information security governance, risk, and compliance programs. You will work closely with Engineering, Product, Risk, and Internal Audit teams to ensure regulatory and security compliance across our card, wallet, and UPI platforms.

Key Responsibilities

  • ISMS & Standards: Maintain, monitor, and improve the ISO 27001 Information Security Management System, including risk registers, SOA, policies, and control evidence.
  • PCI DSS Compliance: Support PCI DSS compliance for the credit card platform, including HSM-based protection of PIN data (PCI PTS HSM), scope reduction, and audit readiness.
  • SOC 2 Type 2: Support the implementation and audit of SOC 2 Type 2 controls.
  • CERT-IN / SAR DLA: Manage and coordinate SAR (System Audit Report) and DLA (Data Localisation Audit) compliance with CERT-IN empaneled auditors.
  • Regulatory Tracking: Monitor RBI, NPCI, and other applicable regulations; translate requirements into internal controls and roadmaps.
  • Risk Management: Conduct risk assessments, control gap analysis, and treatment tracking across the organization.
  • Audits & Assessments: Coordinate internal and external audits, including ISO 27001, PCI DSS, SOC 2, and regulatory audits; track remediation and closure.
  • Policy & Process: Develop, review, and maintain security policies, standards, procedures, and guidelines.
  • Vendor Risk: Perform security assessments of third-party vendors and partners.
  • Security Awareness: Drive security awareness, training, and phishing simulation programs.
  • Reporting: Prepare dashboards and reports for leadership, auditors, and regulators.

Required Qualifications

  • 4–5 years of experience in Information Security Governance, Risk, and Compliance within BFSI, fintech, or payments.
  • Hands-on experience with ISO 27001, SOC 2, and PCI DSS compliance.
  • Knowledge of RBI and NPCI guidelines relevant to payments, wallets, and card platforms.
  • Experience with risk assessments, control frameworks, and audit management.
  • Strong understanding of HSM concepts and key management for PCI DSS.
  • Excellent communication, documentation, and stakeholder management skills.
  • Relevant certifications such as CISA, CISM,CRISC, CGRC,ISO 27001 LA/LI are preferred.

Good-to-Have

  • Knowledge of the Digital Personal Data Protection (DPDP) Act 2023.
  • Exposure to AI security and AI governance frameworks.
  • PCI QSA / ISA or similar audit credentials.
  • Experience working in cloud environments (AWS, Azure, GCP).

What You Will Work On

  • Securing and governing a regulated payments ecosystem spanning credit cards, prepaid cards, wallets, and UPI credit lines.
  • Driving compliance maturity across ISO 27001, SOC 2 Type 2, PCI DSS, and CERT-IN requirements.
  • Building a scalable GRC function that aligns with RBI and NPCI expectations.