
ZETA

Infosec GRC Associate II

Job Description

This role is part of Zeta's Information Security Process and Compliance Team. The Associate II of InfoSec Audit and Compliance is responsible for preparing for and working on PCI DSS, PCI 3DS, SAR DL/Tokenisation, ISO 27001 and SOC external audits, as well as internal audits. The role actively participates in, strengthens and improves the internal audit process and provides assurance on internal technology and process compliance. It requires strong stakeholder management, audit coordination skills, a solid understanding of information security controls, and the ability to collect accurate evidence within defined timelines by working cross-functionally.

Responsibilities

  • Contribute towards internal and external information security audits, including (but not limited to):
      • Internal Audits
      • PCI DSS
      • PCI 3DS
      • SOC 1 Type II
      • SOC 2 Type II
      • Bharat QR
      • SAR DL
      • SAR Tokenisation
      • ISO/IEC 27001
      • Customer Audits
  • Contribute to end-to-end audit lifecycle, including scope, audit planning, control walkthroughs, evidence collection, audit responses, and closure of observations.
  • Work with internal and external stakeholders to assess the current or proposed IT architecture and identify risk areas with regard to PCI controls.
  • Assess the network architecture and review firewall rulesets and network devices/appliances to confirm they are aligned with the PCI control requirements, recommending compensating controls where necessary.
  • Execute operational activities to support audit and compliance activities, including technical validation processes.
  • Conduct PCI DSS scoping engagements, gap analyses and assessments related to securing the Cardholder Data Environment.
  • Effectively multi-task across multiple assignments and deliverables.
  • Actively accept individual and team responsibilities to meet commitments. Take responsibility for your own performance and actions and demonstrate responsibility and teamwork towards overall team/department goals.
  • Discuss the SOP document with all relevant stakeholders, from the process owner to the OU functional heads. Maintain a detailed understanding of SOC reports (SOC 2 Type 1 and Type 2) and ISMS reports, and be able to relate IT General Controls, IT Application Controls and Cyber Controls to the SOC framework.
  • Develop and maintain the Vendor Risk Management / Third Party Risk Management program, including vendor onboarding audits and periodic vendor assessments, and maintain the TPRM database.
  • Review and implement controls and policies as per RBI and other regulatory requirements. Maintain the ISMS framework, evaluate the effectiveness of implemented controls and provide recommendations for improvement.
  • Facilitate client due diligence in collaboration with the business.
  • Apply knowledge of risk assessment and InfoSec policies.
  • Perform internal assessments against various standards to ensure the established policies are being followed, and prepare internal reports.
  • Review contracts and provide responses to client Requests for Proposal (RFPs).

Skills

  • Good understanding of audit frameworks and processes.
  • Good understanding of, and hands-on experience with, the PCI DSS/3DS standards and the various PCI compliance programmes is a must.
  • Experience of working in the banking or payment sector is preferred.
  • Hands-on experience with cloud platforms such as AWS/Azure/GCP, enabling you to quickly understand Zeta's environments, assess configurations against security best practices, and effectively perform information security audits aligned with risk and compliance requirements.
  • Hands-on experience with various audits and standards such as ISMS, SSAE 18, ISO 27001, ISO 31000, ISO 22301, CSA STAR, the NIST Risk Management Framework, PCI DSS, PCI 3DS, PCI PA-DSS/SSF, SOC 2 Type 2, SOC 1 Type 2, PCI S3, etc.
  • Knowledge of regulatory requirements relevant to FinTech/banks, including RBI, NPCI, etc.
  • Knowledge of IT General Controls (ITGC), IT Application Controls and Cyber Controls and how they map to the relevant audit and compliance frameworks.
  • Information security certifications such as CISA, CISM, CISSP, etc. are good to have.
  • Experience of vendor risk assessment and of responding to client Requests for Proposal (RFPs). Excellent written and oral communication and a penchant for technical documentation.
  • Excellent stakeholder management and interpersonal skills; ability to mingle, follow up, and collaborate to get the right evidence at the right time.
  • Strong verbal and written communication skills.
  • High degree of ownership, accountability, and attention to detail.
  • Team-oriented mindset with the ability to work independently when required.

Experience and Qualifications

  • 2 - 5 years of experience in Information Security and Compliance in medium to large-sized companies.


Job ID: 147166525
