About Fi-Money [EpiFi Technologies]
Who we are: Simply put, a FinTech startup for digital natives. Our mission is to help our users demystify their finances, maximize their savings and spend intelligently. We are building a highly secure hub, a savings account that allows you to consolidate your finances in a single intuitive view.Who we are looking for: Exceptional, innovative people! Passionate about delightful user experiences, clear about doing the right thing and hungry to impact millions of lives.Why you should work with us: We are about doing the right thing always, both for our team and users. We are a positive, transparent and inclusive community celebrating success together, encouraging bias for action and individual brilliance. We are ambitious and want everyone thinking - impact and growth. Our office is not just fun, it is human, nimble and business-like.With rich experience in the worlds leading tech companies and banks, we deeply and equally understand both the fin- and - tech- in fintech. Funded by leading global VCs, we re in pursuit of a fantastic experience for both our consumers and colleagues.
What this role is about:
The Senior Security Analyst - GRC is responsible for ensuring that the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001, and PCI DSS.This role includes auditing and maintaining evidence required for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on the industrys best practices.You will foster an information security culture within the company and help assess IT controls, conduct risk assessments for a variety of information assets, collaborate in risk treatment decisions, and assist in implementing/monitoring controls to achieve compliance.
Responsibilities:
- Lead the planning, execution, and coordination of internal and external audits.
- Evaluate existing policies, procedures, and controls to ensure compliance with applicable laws, regulations, and industry standards.
- Assessing risk and compliance status against Information Security policies, proposing controls for risk remediation, and tracking the implementation status of controls.
- Ensure compliance with laws, regulations, and industry standards, and compliance programs like ISO 27001, PCI DSS, and various guidelines from RBI, NPCI, SEBI, etc.
- Support vendor due diligence process and help the third-party risk management efforts.
- Develop , implement, and monitor information security policies and procedures.
- Responsible for maintaining an IT Risk Register and collaborating with stakeholders for risk management.
- Basic understanding of cloud infrastructure and controls.
- Maintaining evidence required for external audits.
- Using project management techniques for planning, anticipating roadblocks, and stakeholder communication.
- Provide guidance and support to teams across the organisation on security best practices.
Requirements:
- 4 - 7 years of experience in Information Security, Risk Management, or IT audit.
- Strong understanding of security frameworks and standards (e.g., ISO 27001, PCI DSS, NIST).
- Knowledge of finance (Govt. ) Regulation & RBI Guidelines in India is a plus.
- Certification in information security management (e.g., CISM, CISSP, CISA) is preferable.
- Ability to work independently and productively without constant supervision.
- Critical thinking and analytical ability.
- Excellent verbal and written communication skills.
Selection Process : Once you apply via the career page, we will reach out and reach out to schedule 3-4 rounds of video interviews with leadership & key stakeholders. In addition to assessing your technical/coding experience, expect at least 3 rounds to assess your communication & articulation ability, general aptitude, attitude and cultural fitment.
We are currently functioning from office in Bangalore.
