Senior Security Engineer - Governance, Risk & Compliance

Flipkart

Bengaluru/Bangalore

Not disclosed

Work from Office

Full Time

Min. 6 years

Job Details

Job Description

Senior Security Engineer - GRC (Governance Risk & Compliance)

Description

About the team:


The Governance, Risk & Compliance team is a central part of the Information Security department, with
primary responsibility to provide robust metrics, data-driven insights, and effective technologies for
information security risk management. We aim to provide a structured approach to align information
security with business objectives, while effectively managing risk and meeting compliance requirements.
The team is also responsible for ensuring Flipkart adheres to mandated statutory and industry infosec
requirements.


About the role:


Flipkart is seeking a skilled, motivated, and collaborative GRC Senior InfoSec Engineer (M&A
cybersecurity).
In this role, you will be a key member of the Information Security team, moving forward the Governance,
Risk and Compliance practice by influencing business leaders across the Flipkart enterprise.
You will serve as an expert and be a mentor to the information security core team. You will be a strong
communicator and influencer who is “customer” focused and demonstrates curiosity to learn and understand the
business.


What you’ll do:

● Perform end-to-end cyber M&A assessment, which includes due diligence, onboarding and
integration, risk management, divestment and separation.
● Perform cyber security optimisation review and targeted post-acquisition review.
● Organize, conduct and perform technology and information security risk assessments, M&A
security governance to identify and evaluate risks in technology delivery areas and staff functions.
● Act as a security advocate, supporting business owners’ requests related to security (evaluate
policy exception requests, complete third-party security assessment).
● Perform technology security review on application, infrastructure & cloud security.
● Identify the status of the applicable legal and regulatory compliance of the target company, based
on the scope of acquisition.
● Perform cybersecurity due diligence to identify security risk exposures to support negotiation and
drive remediation.
● Identify early indicators of risk, based on publicly available information and passive threat hunting.
● Understand the current InfoSec and privacy risk of the target company by conducting a detailed
risk assessment.
● Provide monitoring, independent oversight and facilitate the execution & continuous improvement
of 3rd party risk management and M&A programs and processes.
● Establish a governance model for ongoing compliance and incident handling.
● Influence Security Control Automation efforts, security and compliance at scale.

What you’ll need:

● Bachelor’s degree in Computer Science, Information Security, Engineering, or related field or
equivalent experience
● At least 6 years of working experience related to information security practices with a minimum
of 3 years in GRC domains.
● Possession of information security certifications, such as CISSP/CISM/CCSP/CRISC/CISA/CCSK
● Excellent understanding & experience of security policy management, security standards and
frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2.
● Knowledge and skill set with modern cloud infrastructure including SaaS, PaaS, IaaS,
containerization, serverless technologies, network security, endpoint security, data protection, and
incident response.
● Solid understanding of data privacy and data security principles and best practices
● Effective at working as part of a collaborative, cross-functional team.
● High sense of ownership, urgency, and drive.
● Ability to establish credibility and earn trust with a variety of stakeholders and leadership
● Senior level written and verbal communication skills
● Ability to work well, collaborate, and lead within a team environment
● An entrepreneurial spirit with the ability to drive innovation independently.
● Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
● Passion to make things better and a resourceful, solutions-based approach to partnership
● Possess an understanding of core information security principles and associated risk
management principles
● Have extensive experience with process improvement, building, and strategic development
● Experience with large enterprise environments
● Experience with products and services
● Experience with cross-organizational collaboration and negotiation

Skills Required

ISO 27001 Lead Auditor

Education/Qualification

CISA CISSP

Job role

Work location

Bangalore

Department

IT & Information Security

Role / Category

IT Security

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 6 years

About company

Name

Flipkart

Job posted by Flipkart

This job has expired