GRC Security Specialist

GrowwBengaluru, Republic Of India, IN

9 days ago

Job description

About Groww

We are a passionate group of people focused on making financial services accessible to every Indian through a multi-product platform. Each day, we help millions of customers take charge of their financial journey.

Customer obsession is in our DNA. Every product, every design, every algorithm down to the tiniest detail is executed keeping the customers’ needs and convenience in mind.

Our people are our greatest strength. Everyone at Groww is driven by ownership, customer-centricity, integrity and the passion to constantly challenge the status quo.

Are you as passionate about defying conventions and creating something extraordinary as we are? Let’s chat.

Our Vision

Every individual deserves the knowledge, tools, and confidence to make informed financial decisions. At Groww, we are making sure every Indian feels empowered to do so through a cutting-edge multi-product platform offering a variety of financial services.

Our long-term vision is to become the trusted financial partner for millions of Indians.

Our Values

Our culture enables us to be what we are — India’s fastest-growing financial services company. It fosters an environment where collaboration, transparency, and open communication take center-stage and hierarchies fade away. There is space for every individual to be themselves and feel motivated to bring their best to the table, as well as craft a promising career for themselves.

The values that form our foundation are :

Radical customer centricity
Ownership-driven culture
Keeping everything simple
Long-term thinking
Complete transparency

EXPERTISE AND QUALIFICATIONS

What you’ll do :

Policy Development and Enforcement : Develop, implement, and maintain policies, procedures, standards, and associated plans based on industry best practices such as ISO 27001, NIST, ITGC, PCI-DSS, etc. Ensure rigorous enforcement of these policies.

Risk Assessment and Management : Conduct technology-based gap risk assessments, third-party risk assessments, and M&A security governance. Manage exceptions against Groww standards to maintain risk at an acceptable level.

Compliance Checks : Perform compliance checks for user access management on network, servers, and applications. Additionally, ensure compliance with security and hardening standards for network, servers, applications, and workstations.

Compliance Reporting : Prepare compliance reports and remediation plans based on periodic reviews of application, workstation, server, and network device configurations.

Data Loss Prevention (DLP) and CASB : Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) for all applications, infrastructure, and systems supporting Groww operations to prevent data leakage.

SDLC Risk Assessment : Conduct risk assessments on applications during the Software Development Life Cycle (SDLC) and perform compliance checks related to access control and data sanitization.

Risk Register Management : Identify, document, and maintain an information security risk register. Regularly report to the security lead and other stakeholders.

Third-Party Risk Management : Provide monitoring, independent oversight, and facilitate the execution and continuous improvement of third-party risk management and M&A programs and processes.

Security Control Automation : Influence security control automation efforts to enhance security and compliance at scale.

Audit Representation : Represent Groww's security posture in both internal and external audits.

Security Awareness : Drive security awareness initiatives and conduct regular training on Groww’s security policies and standard requirements through training sessions, communication, and workshops.

What we're looking for :

A bachelor’s degree in information technology or a related field provides a strong foundation.

A minimum of 1-3 years of professional experience in information security practices, with at least 1 year specializing in Governance, Risk, and Compliance (GRC) domains.

Previous experience in managing SEBI, RBI, and IRDAI compliance and audits is highly valuable.

Proficiency in security policy management and a deep understanding of security standards and frameworks, including CSA CCM, ISO 27001 : 2013, NIST CSF, PCI-DSS, SOX, and SOC2.

Solid grasp of operational and organizational structures, including experience in global, matrix organizations, and third-party risk management.

Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.

Familiarity with agile methodologies and experience in DevOps or DevSecOps practices, along with an understanding of how they impact risk management and compliance.

Possession of information security certifications, such as CISSP, CISM, CRISC, CEH, or ISO 27001, demonstrates expertise and will be an added benefit.

Experience in reviewing High-Level Design (HLD) and Low-Level Design (LLD) and driving cross-functional programs is a plus.

Create a job alert for this search

Security Specialist • Bengaluru, Republic Of India, IN

Related jobs

Promoted

Cyber Security Specialist - Forgerock

Tata Consultancy ServicesBengaluru, Karnataka, India

Extensive knowledge of Java and Java programming tools, JavaScript, Groovy, Linux, Networking, SQL, Webservices / API, Secure Software Development Lifecycle, Python, using application servers such as...Show moreLast updated: 30+ days ago

Promoted

SAP GRC Governance, Risk & Compliance Specialist

Tech MahindraBengaluru, Republic Of India, IN

Skill / Role : SAP GRC Product Expert.Preferably Immediate starters preferrred.To Support our GRC Team and deliver GRC projects. Dynamically consulting with our team on GRC knowledge and skills, inc...Show moreLast updated: 19 days ago

Promoted
New!

Security Engineer - GRC

GrowwBengaluru, Karnataka, India

Promoted

Information Security GRC Leader

SagilityBengaluru, Karnataka, India

Sagility is a tech-enabled BPM services provider, a thought partner providing a broad spectrum of transformational services, to enable our clients provide efficient and hi-quality care across the h...Show moreLast updated: 21 days ago

Promoted

SAP GRC Security Specialist

Tata Consultancy ServicesBengaluru, Republic Of India, IN

Experience Range - 5 to 14 Years.Should be an expert in performing SAP Security related activities like User Management, Role Management. Must have a strong understanding of the GRC 10.AC components...Show moreLast updated: 30+ days ago

Promoted

GRC & Security Lead

ConfidentialBengaluru / Bangalore, India

We're Pentland Brands; a dynamic, global family business, and proud owners and licensees of many iconic active and footwear brands. With a community of over 1,300 team members worldwide, we embrace ...Show moreLast updated: 4 days ago

Promoted

AVP -Cyber Security Specialist

MUFG Global Service (MGS)Bengaluru, India

Japans premier bank, with a global network spanning in more than 40 markets.Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to busine...Show moreLast updated: 30+ days ago

Promoted

SAP GRC Security Consultant

Tech MahindraBengaluru, Republic Of India, IN

Promoted

Contractor Security Engineer Level 3 – GRC Tech Solutions

MindlanceBangalore, IN

Remote Role | Contractor Security Engineer Level 3 – GRC Tech Solutions.This position focuses on enabling process clarity, automation, and efficiency while creating insights that empower our busine...Show moreLast updated: 14 days ago

Promoted

Senior Security Engineer - GRC

GrowwBengaluru, Karnataka, India

Promoted

SAP GRC / Security - Senior

ConfidentialBengaluru / Bangalore, India

Experience with development and implementation of the full suite of SAP GRC products, at least SAP GRC Access Control and SAP GRC Process Control but also experience in other SAP application such a...Show moreLast updated: 4 days ago

Promoted

Analyst - GRC (Governance, Risk & Compliance)

AmagiBengaluru, India

This role has been established to support the business in building sustainable governance andcompliance practices at Amagi. The basic factor required to be successful in this role warrants a good un...Show moreLast updated: 8 days ago

Promoted

Security GRC 2LoD

ConfidentialBengaluru / Bangalore, India

Governance, Risk, and Compliance) 2nd Line of Defense (.The role involves monitoring risk remediation efforts, providing expert guidance, and supporting the first line of defense (1LoD) in achievin...Show moreLast updated: 4 days ago

Promoted

GRC Analyst

Demandbasehosur, tamil nadu, in

Demandbase is seeking a motivated and detail-oriented GRC Sr Analyst to support its global Governance, Risk, and Compliance program. Reporting to the Senior Director of GRC, you’ll collaborate cross...Show moreLast updated: 22 days ago

Promoted

Lead Security Engineer

Arcanahosur, tamil nadu, in

As our Lead Security Engineer, you'll own and elevate Arcana's overall security posture - cloud, on-prem, and everything in between. You'll design and enforce policies, automate controls, and harden...Show moreLast updated: 30+ days ago

Promoted

Cyber Security Specialist

Tiger Advisoryhosur, tamil nadu, in

Tiger Advisory provides premier cybersecurity consulting services, helping clients manage risks, strengthen resilience, and achieve compliance in an ever-evolving digital landscape.Our mission is t...Show moreLast updated: 30+ days ago