GRC Analyst

Role: Governance, Risk and Compliance Anayst

Location: Aundh, Pune, Maharashtra

About the company

Credit cards haven't changed much for over half a century so our team of seasoned bankers, technologists, and designers set out to redefine the credit card for you - the consumer. The result is OneCard - a credit card reimagined for the mobile generation. OneCard is India's best metal credit card built with full-stack tech. It is backed by the principles of simplicity, transparency, and giving back control to the user.

Key Responsibilities:

1. Policy and Procedure Management: Assist in the regular review, development, and updating of information security policies, procedures, and standards to ensure they remain current with industry best practices and regulatory requirements.
2. Compliance Monitoring: Support continuous compliance monitoring activities across different frameworks. This includes tracking and reporting on Key Performance Indicators (KPIs) to measure the effectiveness of security controls.
3. Vulnerability Management: Collaborate with technical teams to track the remediation and closure of identified vulnerabilities, ensuring that they are addressed within agreed-upon timelines.
4. Vendor Risk Management: Participate in the third-party risk management program by conducting security due diligence and risk assessments of new and existing vendors to ensure they meet our security standards.
5. Reporting: Assist in preparing reports and dashboards for management on the status of GRC initiatives, risk posture, and compliance levels.
6. Audit Support: Provide support during internal and external audits by helping to gather evidence and documentation.

Experience:

0-2 years of relevant experience in a GRC, information security, or IT audit role with strong foundational knowledge of information security principles and practices.

Skills and Qualifications:

1. A Bachelor’s degree in Information Technology, Cyber Security, Computer Science, or a related field is required.
2. Framework Proficiency: Must have a strong understanding of security and compliance frameworks such as ISO 27001, SOC 2, and PCI DSS.
3. Analytical & Problem-Solving Skills: Excellent analytical skills with a keen eye for detail and a creative approach to problem-solving.
4. Ownership and Initiative: A proactive and self-motivated individual with a strong sense of ownership and responsibility. Capable of working independently on assigned tasks and making well-reasoned decisions.
5. Communication: Strong written and verbal communication skills, with the ability to collaborate effectively with cross-functional teams.
6. Certifications: Any additional cybersecurity or GRC-related certifications (e.g., CompTIA Security+, ISO 27001 LA/LI) are an advantage but not mandatory.
7. Nice to have - Regulatory Knowledge: Familiarity with RBI regulations and guidelines for Fintech companies in India is highly desirable.