Security Engineer - GRC

Job Description

About the Team:

The Governance, Risk & Compliance (GRC) team is an integral part of the Information Security department at Flipkart. Our primary responsibility is to provide robust metrics, data-driven insights, and effective technologies for information security risk management. We aim to align information security with business objectives while effectively managing risk and meeting compliance requirements. The team ensures that Flipkart adheres to mandated statutory and industry information security requirements.

About the Role:

Flipkart is seeking a skilled, motivated, and collaborative individual for the position of Information Security - Governance Risk & Compliance (GRC). As a key member of the Information Security team, you will advance the GRC practice by influencing business leaders across Flipkart. You will serve as an expert and mentor to the information security core team, demonstrating strong communication and influence, along with a curiosity to learn and understand the business.

Responsibilities:

• Establish, operate, and develop compliance and risk management processes for Flipkart services in alignment with Group Security frameworks and business processes.
• Organize, conduct, and perform technology and information security risk assessments, including M&A security governance, to identify and evaluate risks in technology delivery areas and staff functions.
• Act as a security advocate, supporting business owners' requests related to security (e.g., evaluating policy exception requests and completing third-party security assessments).
• Perform technology security reviews on applications, infrastructure, and cloud security.
• Conduct compliance assessments against the ISO/IEC 27001 standard and Flipkart’s information security framework.
• Ensure all compliance findings and risk records are tracked and addressed by the involved teams and stakeholders.
• Create, communicate, and present compliance and risk reports to different stakeholders.
• Identify, document, and maintain an information security risk register, reporting to the security lead and other stakeholders.
• Support the successful completion of various internal compliance assessments and external compliance certification programs.
• Drive information security awareness and conduct regular training on Flipkart’s security policy and standard requirements through training, communication, and workshops.

Requirements:

• Bachelor’s degree in information technology or a related field.
• At least 3-5 years of experience related to information security practices, with a minimum of 2 years in GRC domains.
• Excellent understanding and experience with security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX, and SOC2.
• Proficiency in security policy management and security standards/frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX, and SOC2.

Open Positions: 1

Skills Required: GRC

Location: Bangalore, Karnataka

Role: Security Engineer