GRC (Governance, Risk & Compliance) Engineer

  • Security
  • Bangalore/Mumbai, India

GRC (Governance, Risk & Compliance) Engineer

Job description

About CoinDCX

Trusted by more than 10 million users, CoinDCX is India's fastest-growing and safest way to Crypto. We’re on a mission to make Crypto accessible to every Indian. Our aspirations are much bigger and we strive to contribute to the larger crypto ecosystem. For this, we’re looking for talented people like you to join our team and fulfill this vision.

Make a difference by,

● Execute end to end compliance initiatives in accordance with the compliance roadmap
● Design high-quality test plans and direct security control test activities
● Continuously improve CoinDCX's security control framework
● Draft and implement handbook pages, procedures, and runbooks related to security compliance
● Direct Internal & external audits
● Build and maintain security controls that map to CoinDCX security compliance requirements and provide implementation recommendations
● Peer review control test worksheets and provide feedback and guidance to Security Compliance Engineers
● Identify manual security compliance controls that can be improved through automation
● Design requirements for security compliance automation tasks
● Recommend new security compliance metrics and automate reporting of existing metrics
● Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
● Detailed understanding of how compliance works with cloud-native technology stacks
● Good understanding of implementing and managing emerging regulatory & compliance requirements

Job requirements

● 2-10 years prior experience in information security with specialization in Governance, Risk, and Compliance function.

● Detailed knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as ISO 27001/2, ISO 27017, ISO 27018, SOC 2, HIPAA, GDPR, PCI, SOX, etc.

● Detailed knowledge of audit methodologies and standard deliverables

● Experience in Defining and shaping various compliance programs liaising with

internal business requirements and external regulatory requirements.

● Industry-recognized expert at building, maintaining, and improving compliance programs from the ground-up partnering with internal and external stakeholders.

● Good understanding of types of information security risk including but not limited to vendors and third parties.

● Direct experience of successful first-time external certification and attestation audits for CoinDCX

● Working knowledge of how compliance works with cloud-native technology stacks