Role Overview :
We are seeking a highly skilled and detail-oriented Senior GRC Analyst to lead and manage our regulatory compliance framework. In this role, you will be the primary custodian for all regulatory audits, ensuring our systems, products, policies, and processes strictly align with the evolving fintech and banking compliance landscape in India. The ideal candidate will have hands-on experience implementing fintech regulatory frameworks and interfacing with external Qualified Security Assessors (QSAs) and CERT-In empanelled auditors.
Experience : Minimum 3+ years of dedicated experience in Information Security GRC, specifically within the Indian FinTech, Payment Aggregator (PA/PG), or Banking ecosystem.
Location : Gurugram
Employment Type : Full-time
Key Responsibilities :
1. Audit Management & Execution :
- Lead Regulatory Audits : Own the end-to-end lifecycle, evidence readiness, and mitigation strategy for all RBI, NPCI, and global security audits. Examples of audits you will head include:
1. RBI DL SAR (Data Localization System Audit Report) : Driving independent CERT-In empanelled auditor reviews to ensure strict compliance with RBI's data localization directives on storage of payment system data.
2. RBI Master Direction Audits : Comprehensive alignment and reviews against IT Governance, Cyber Resilience, and Digital Payment Security Controls (DPSC).
3. NPCI UPI & Payment Security Audits : Annual and pre-production compliance audits required for UPI infrastructure, IMPS, and Prepaid Payment Instruments (PPI).
4. PCI-DSS & ISO 27001 Annual Audits : Directing regular external assessments, scoping exercises, and validation reporting with QSAs (PCI-DSS) and certification body auditors (ISO 27001).
- Liaison : Act as the primary interface between internal technical teams, business stakeholders, and external regulatory auditors.
- Evidence Collection : Streamline the collection, validation, and archiving of technical and procedural audit artifacts to ensure seamless, surprise-free review cycles.
2. Risk Management & Compliance Monitoring :
- Gap Analysis : Conduct proactive gap assessments against new RBI circulars, NPCI procedural guidelines, and updates to international standards such as PCI-DSS and ISO 27001.
- Remediation Tracking : Work closely with Engineering, DevOps, and Product teams to track, remediate, and close VAPT, PCI, or regulatory audit findings within stipulated SLA timelines.
- Risk Register : Maintain and update the IT Risk Register, highlighting risks specific to payment systems, network segmentation, and digital banking infrastructure.
3. Policy & Governance :
- Policy Formulation : Review, update, and draft Information Security policies, procedures, and frameworks to reflect current RBI, NPCI, ISO 27001, and PCI-DSS requirements.
- Awareness : Drive organization-wide compliance awareness and provide specialized training on regulatory requirements to technical and product teams.
Requirements & Qualifications :
Must-Have :
- Experience : 3+ years in Information Security GRC, IT Audit, or Cyber Security compliance within the BFSI/Fintech domain.
- Audit & Framework Expertise : Strong, demonstrable hands-on experience and knowledge in managing :
1. DL SAR (Data Localization) processes.
2. PCI-DSS requirements (managing QSA audits, ASV scans, network scoping/segmentation, and card data environments).
3. ISO/IEC 27001 ISMS implementation and auditing.
4. RBI Master Directions and NPCI procedural guidelines (UPI, IMPS, PPI, etc.).
- Technical Familiarity : Grounded understanding of cloud security (AWS/Azure), IAM, network security architectures, and data encryption concepts to effectively converse with engineering teams.
Preferred Certifications (Any of the following is a major plus) :
- ISO 27001 Lead Auditor / Lead Implementer
Work Location: In person