Lead Analyst - Information Security - GRC

FC Global Services India LLP (First Citizens India), a part of First Citizens BancShares, Inc., a top 20 U.S. financial institution, is a global capability center (GCC) based in Bengaluru. Our India-based teams benefit from the company's over 125-year legacy of strength and stability. First Citizens India is responsible for delivering value and managing risks for our lines of business. We are particularly proud of our strong, relationship-driven culture and our long-term approach, which are deeply ingrained in our talented workforce. This is evident across all key areas of our operations, including Technology, Enterprise Operations, Finance, Cybersecurity, Risk Management, and Credit Administration. We are seeking talented individuals to join us in our mission of providing solutions fit for our clients greatest ambitions.

Job Description

Value Preposition

We are seeking a dynamic and experienced Cyber Governance, Risk & Controls (GRC) Risk Assessment and Reg Compliance lead serving as a strategic partner to our US counterparts. This role will be instrumental in shaping, executing, and maturing our cyber risk programs while ensuring operational excellence and alignment to enterprise objectives. The ideal candidate is a strategic thought leader with deep understanding of governance and documentation standards, cyber technical ability and regulatory frameworks.

Job Details

Position Title: Lead Analyst - Information Security - GRC

Career Level: P3

Job Category: Manager

Role Type: Hybrid

Job Location: Bangalore

About The Team

The Cyber Governance, Risk & Controls (GRC) team is a community of dedicated professionals committed to safeguarding our organization's information security. Our values - inclusivity, transparency, and excellence drive everything we do.

Impact

This is a high-impact role offering the opportunity to shape the future of our cyber risk landscape while enabling critical business functions across the globe. You will join a passionate, values-driven team committed to collaboration, innovation, and excellence in execution.

Key Deliverables

• Design, build, and pilot a targeted cyber risk assessment program to proactively identify, measure, and address emerging risks.
• Elevate the quality, clarity, and consistency of policy, standard, and procedure documentation in alignment with corporate governance frameworks.
• Drive corporate and industry regulatory mapping to ensure full traceability and compliance across frameworks (e.g., NIST, ISO, FFIEC, RBI).
• Deliver complete closure of MRA, MRIA's, and open issues across the organization. Proactively Identify dependencies across First Citizens and timelines to ensure on time delivery
• Proactively identify foundational security metrics, build proof of concepts, while drive full operational maturity to manage risk across the Bank.
• Provide technical guidance to ensure requirements are prioritized and implemented across all projects and products.
• Drive security-by-design principles in the development lifecycle by collaborating with engineering and teams on secure design patterns and architectural reviews.
• Design, implement, and maintain scalable, secure systems and infrastructure to protect the organization's assets and data.
• Actively build a One Team, One Bank, One ECSO culture aligned with FCB's mission, vision, and True North Values.
• Establish governance forums, reporting mechanisms, and decision-making structures for cyber risk and compliance
• Provide executive-level reporting on cyber risk posture, compliance status, and key risk indicators (KRIs)
• Lead the identification, assessment, and treatment of cybersecurity risks across technology, business, and third-party environments
• Maintain the cyber risk register, including risk ownership, impact analysis, and remediation tracking
• Facilitate risk assessments for new initiatives, systems, cloud services, and digital transformation programs
• Advise stakeholders on risk mitigation strategies and residual risk acceptance
• Integrate cyber risk into enterprise risk management (ERM) frameworks
  
  

Functional Skills

Skills and Qualification

• Strategic mindset with the ability to see the big picture while delivering tactical outcomes.
• Deep knowledge of cybersecurity risk, controls, policy, and documentation standards within a highly regulated environment.
• Expertise in building forward-looking, resilient, and scalable programs grounded in market awareness and business alignment.
• Strong leadership presence with a passion for developing talent, building inclusive teams, and driving organizational growth
• Demonstrate strong technical aptitude across a broad range of cyber domains, including but not limited to, encryption, IAM, cloud security, network security, and vulnerability management. Lead compliance activities related to applicable laws, regulations, and contractual obligations (e.g., GDPR, NIS2, SOX, PCI DSS, HIPAA, local financial or data protection regulations as applicable)
• Design and oversee cybersecurity control assurance and monitoring activities
• Partner with IT, Security Operations, Architecture, Legal, Privacy, Procurement, and business units to embed security by design
• Provide expert guidance and challenge to senior stakeholders on cyber risk decisions
• Promote a strong cyber risk culture and security awareness across the organization
  
  

Technical/Business Skills

• Bachelor's degree in Information Security, Risk Management, Business Administration, or related field; Master's degree preferred.
• 8-10 years of experience in cybersecurity, governance, risk, or compliance and project/program management
• Experience in the financial services sector strongly preferred.
• Strong working knowledge of key regulatory frameworks and standards, including NIST, ISO 27001, RBI, FFIEC, with the ability to interpret, apply, and align them to risk management efforts
• Proven ability to analyze, report, and communicate complex risks and data to senior leadership and executive stakeholders.
• Hold relevant security certifications such as CISSP, CISM, or equivalent
• Deep understanding of cybersecurity governance, risk management, and compliance principles
• Strong knowledge of security frameworks and standards (ISO 27001, NIST, COBIT, CIS, etc.)
• Experience conducting cyber risk assessments and translating risks into business-focused language
• Ability to interpret regulatory requirements and implement pragmatic, scalable controls
• Excellent written and verbal communication skills, including executive-level reporting
  
  

Relationships & Collaboration

Reports to: Senior Manager - Information Security

Partners: Senior leaders, cross- functional teams, end-users.

Accessibility Needs

We are committed to providing an inclusive and accessible hiring process. If you require accommodations at any stage (e.g. application, interviews, onboarding) please let us know, and we will work with you to ensure a seamless experience.

Equal Employment Opportunity

FC Global Services India LLP (First Citizens India) is an Equal Employment Opportunity Employer. We are committed to fostering an inclusive and accessible environment and prohibit all forms of discrimination on the basis of gender, religion, caste, disability, sexual orientation, economic status or any other characteristics protected by the law. We strive to foster a safe and respectful environment in which all individuals are treated with respect and dignity. Our EEO policy ensures fairness throughout the employee life cycle.