Flipkart
4-6 years
₹ 14 - 17.85L/yr (AmbitionBox estimate)
Bangalore / Bengaluru
1 vacancy
Senior Security Engineer - GRC (Governance Risk & Compliance)
posted 16hr ago
Flexible timing
About the team:
The Governance, Risk & Compliance team is a central part of the Information Security department, with primary responsibility for providing robust metrics, data-driven insights, and effective technologies for information security risk management. We aim to provide a structured approach to align information security with business objectives, while effectively managing risk and meeting compliance requirements.
The team is also responsible for ensuring Flipkart adheres to mandated statutory and industry infosec requirements.
About the role:
Flipkart is seeking a skilled, motivated, and collaborative GRC Senior InfoSec Engineer (M&A cybersecurity).
In this role, you will be a key member of the Information Security team, moving forward the Governance, Risk and Compliance practice by influencing business leaders across the Flipkart enterprise.
You will serve as an expert and be a mentor to the information security core team. You will be a strong communicator and influencer, customer focused, and demonstrate curiosity to learn and understand the business.
What you'll do:
Perform end-to-end cyber M&A assessment, which includes due diligence, onboarding and integration, risk management, divestment and separation.
Perform cyber security optimisation review and targeted post-acquisition review.
Organize, conduct and perform technology and information security risk assessments and M&A security governance to identify and evaluate risks in technology delivery areas and staff functions.
Act as a security advocate, supporting business owners' requests related to security (evaluate policy exception requests, complete third-party security assessments).
Perform technology security review on application, infrastructure & cloud security.
Identify the status of the applicable legal and regulatory compliance of the target company, based on the scope of acquisition.
Perform cybersecurity due diligence to identify security risk exposures to support negotiation and drive remediation.
Identify early indicators of risk, based on publicly available information and passive threat hunting.
Understand the current InfoSec and privacy risk of the target company by conducting a detailed risk assessment.
Provide monitoring and independent oversight, and facilitate the execution and continuous improvement of 3rd party risk management and M&A programs and processes.
Establish a governance model for ongoing compliance and incident handling.
Influence Security Control Automation efforts, security and compliance at scale.
What you'll need:
Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent experience
At least 6 years of working experience related to information security practices with a minimum of 3 years in GRC domains.
Possession of information security certifications, such as CISSP/CISM/CCSP/CRISC/CISA/CCSK
Excellent understanding & experience of security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2.
Knowledge and skill set with modern cloud infrastructure including SaaS, PaaS, IaaS, containerization, serverless technologies, network security, endpoint security, data protection, and incident response.
Solid understanding of data privacy and data security principles and best practices
Effective at working as part of a collaborative, cross-functional team.
High sense of ownership, urgency, and drive.
Ability to establish credibility and earn trust with a variety of Stakeholders and Leadership
Senior level written and verbal communication skills
Ability to work well, collaborate, and lead within a team environment
An entrepreneurial spirit with the ability to drive innovation independently.
Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
Passion to make things better and resourceful, solutions-based approach to partnership
Possess an understanding of core information security principles and associated risk management principles
Have extensive experience with process improvement, building, and strategic development
Experience with large enterprise environments
Experience with products and services
Experience with cross-organizational collaboration and negotiation
Skills Required:
ISO 27001 Lead Auditor
Education/Qualification:
CISA, CISSP
Employment Type: Full Time, Permanent