Senior Security Analyst - GRC

About Fi-Money [EpiFi Technologies]

Who we are: Simply put, a FinTech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure hub, a savings account that allows you to consolidate your finances in a single intuitive view.Who we are looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth. Our office is not just fun, it is human, nimble and business-like.With rich experience in the world's leading tech companies and banks, we deeply and equally understand both the fin- and - tech- in fintech. Funded by leading global VCs, we’re in pursuit of a fantastic experience for both our consumers and colleagues.

What this role is about:

The Senior Security Analyst - GRC is responsible for ensuring that the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001, and PCI DSS.This role includes auditing and maintaining evidence required for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industry's best practices.You will foster an information security culture within the company and help assess IT controls, conduct risk assessments for a variety of information assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls to achieve compliance.

Responsibilities:

• Lead the planning, execution, and coordination of internal and external audits.
• Evaluate existing policies, procedures, and controls to ensure compliance with applicable laws, regulations, and industry standards.
• Assessing risk and compliance status against Information Security policies, proposing controls for risk remediation, and tracking the implementation status of controls.
• Ensure compliance with laws, regulations, and industry standards, and compliance programs like ISO 27001, PCI DSS, and various guidelines from RBI, NPCI, SEBI, etc.
• Support vendor due diligence process and help the third-party risk management efforts.
• Develop, implement, and monitor information security policies and procedures.
• Responsible for maintaining an IT Risk Register and collaborating with stakeholders for risk management.
• Basic understanding of cloud infrastructure and controls.
• Maintaining evidence required for external audits.
• Using project management techniques for planning, anticipating roadblocks, and stakeholder communication.
• Provide guidance and support to teams across the organisation on security best practices.

Requirements:

• 4 - 7 years of experience in Information Security, Risk Management, or IT audit.
• Strong understanding of security frameworks and standards (e.g., ISO 27001, PCI DSS, NIST).
• Knowledge of finance (Govt. ) Regulation & RBI Guidelines in India is a plus.
• Certification in information security management (e.g., CISM, CISSP, CISA) is preferable.
• Ability to work independently and productively without constant supervision.
• Critical thinking and analytical ability.
• Excellent verbal and written communication skills.