Senior Security Engineer - GRC (Governance Risk & Compliance)

The Governance, Risk & Compliance team is a central part of the Information security department, with
primary responsibility to provide robust metrics, data-driven insights, and effective technologies for
information security risk management. We aim to provide a structured approach to align information
security with business objectives, while effectively managing risk and meeting compliance requirements.
And responsible for ensuring Flipkart is adhering to mandated statutory and industry infosec
requirements.

About the role:

Flipkart is seeking a skilled, motivated, and collaborative GRC- Senior InfoSec Engineer (M&A cybersecurity)
In this role, you will be a key member in the Information Security team to move forward the Governance,Risk and Compliance practice by influencing business leaders across the Flipkart enterprise.
You will serve as an expert and be a mentor to the information security core team. You will be a strong communicator and influencer, customer focused, demonstrate curiosity to learn and understand the business.

What youll do:

Perform End-to-End Cyber M&A assessment which includes due diligence, On-boarding and integration, risk management, divestment and separation.
Perform cyber security optimisation review and targeted post-acquisition review.
Organize, conduct and perform technology and information security risk assessments, M&A
security governance to identify and evaluate risks in technology delivery areas and staff functions.
Act as a security advocate, supporting business owners requests related to security (evaluate
policy exception requests, complete third-party security assessment).
Perform technology security review on application, infrastructure & cloud security.
Identify the status of the applicable legal and regulatory compliance of the target company, based on the scope of acquisition.
Perform cybersecurity due diligence to Identify security risk exposures to support negotiation and drive remediation.
Identify early indicators of risk, based on publicly available information and passive threat hunting.
Understand the current InfoSec and privacy risk of the target company by conducting a detailed risk assessment.
Provide monitoring, independent oversight and facilitate the execution & continuous improvement of 3rd party risk management and M&A programs and processes.
Establish a governance model for ongoing compliance and incident handling.
Influence Security Control Automation efforts, security and compliance at scale.

What youll need:

Bachelors degree in Computer Science, Information Security, Engineering, or related field or equivalent experience
At least 6 years of working experience related to information security practices with a minimum of 3 years in GRC domains.
Possess of information security certifications, such as CISSP/CISM/CCSP/CRISC/CISA/CCSK
Excellent understanding & experience of security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2.
Knowledge and skill set with modern cloud infrastructure including SaaS, PaaS, IaaS,
containerization, serverless technologies, network security, endpoint security, data protection, and incident response.
Solid understanding of data privacy and data security principles and best practices
Effective at working as part of a collaborative, cross-functional team.
High sense of ownership, urgency, and drive.
Ability to establish credibility and earn trust with a variety of Stakeholders and Leadership
Senior level written and verbal communication skills
Ability to work well, collaborate, and lead within a team environment
An entrepreneurial spirit with the ability to drive innovation independently.
Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
Passion to make things better and resourceful, solutions-based approach to partnership
Possess an understanding of core information security principles and associated risk
management principles
Have extensive experience with of process improvement, building, and strategic development
Experience with large enterprise environments
Experience with products and services
Experience with cross-organizational collaboration and negotiation