The InfoSec GRC Specialist serves as the strategic architect of Krazybees' digital trust, operating at the critical intersection of advanced cloud engineering, corporate governance, and complex financial regulation. Rather than merely reacting to technical threats, this role acts as a vital bridge between engineering teams and executive leadership, translating rigorous regulatory mandates into actionable, secure architecture while articulating risk profiles to stakeholders. In the high-velocity FinTech landscape, where robust compliance is a powerful driver of business growth, this position proactively shapes the enterprise defensive posture, from embedding automated secure software development protocols to enforcing global data privacy frameworks, ultimately safeguarding the company's operational integrity, institutional partnerships, and brand reputation.
Key & Policy Compliance
- Ensure continuous alignment with major financial and data regulators, including RBI, UIDAI, and DLG.
- Design, implement, and update robust information security frameworks, policies, and procedures rooted in industry benchmarks (e.g., ISO 27001).
- Coordinate and facilitate internal and external security evaluations, vulnerability assessments, penetration testing (VAPT), and statutory audits.
- Evaluate and respond to external security assessment questionnaires to maintain partner and vendor trust.
- Oversee and strengthen security postures across cloud ecosystems, specifically AWS and GCP.
- Establish, monitor, and report on security performance indicators (KPIs/KGIs) via executive dashboards or GRC tools.
- Promptly flag and escalate security anomalies, policy deviations, and violations.
- Design, execute, and manage enterprise-wide InfoSec training modules and regular phishing simulation exercises.
- Monitor global security trends, legislative updates, and evolving threat landscapes to proactively mitigate organizational gaps.
Qualifications & Core Skills
- Bachelor's or Master's degree in Engineering, Computer Science, or a closely related technical field.
- Strong foundational understanding of cloud environments (AWS/GCP) and modern Data Privacy Frameworks (such as Digital Personal Data Protection Act).
- Exceptional analytical capabilities alongside strong communication skills to collaborate effectively with both internal stakeholders and external clients.
- Professional security certifications such as CISA or ISO 27001 Lead Auditor are highly advantageous but not mandatory.
Why You'll Love Working With Us
We move fast, but we never compromise on security around here. Compliance is backed by leadership and treated as a competitive edge, not a roadblock. You'll have real ownership from day one, with the freedom to design frameworks, run campaigns, and call the shots on our multi-cloud defense without being micromanaged. The guardrails you build will have a massive, tangible impact, directly protecting millions of users and transactions every single day. There are no boring routines here; between evolving financial laws and a scaling infrastructure, you'll work alongside a sharp, tech-savvy team solving genuinely interesting
This job description is intended to outline the general nature and key responsibilities of the position. It is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the role. The responsibilities and qualifications described may be subject to change, and other duties may be assigned as needed. Employment is at-will, meaning the employee or the employer may terminate the employment relationship at any time, with or without cause, and with or without notice.
Data Utilization Disclaimer
By applying for this position, you acknowledge and agree that any personal data you provide may be used for recruitment and employment purposes. The data collected will be stored and processed in accordance with our privacy policy and applicable data protection laws. Your information will only be shared with relevant internal stakeholders and will not be disclosed to third parties without your consent, unless required by law.
(ref:hirist.tech)