GRC (Governance, Risk & Compliance) Engineer

  • Security
  • Bangalore/Mumbai, India

Job description


About CoinDCX

CoinDCX is India's largest & safest crypto exchange, with a dedicated focus on making crypto accessible. Established in 2018, CoinDCX has solved numerous problems faced by the Indian crypto community with investing and trading solutions for crypto-based financial products for retail, HNI, and enterprise customers. It is our ultimate goal to provide the best of the crypto space with the simplest and most secure solutions. Insured by BitGo and ISO Certified, CoinDCX is now India’s first Crypto Unicorn!


Imagine,

India’s cryptocurrency markets are booming, and after the SC verdict the industry has grown manifold. More Indians want to join this exciting new industry. However, they are unsure how to enter, or who should be their partner to help them grow in this space. You help them in their journey. You introduce them to a brand that is built for them and gain their trust. You make this happen. You make a difference.


Make a difference by,

● Execute end-to-end compliance initiatives in accordance with the compliance roadmap
● Design high-quality test plans and direct security control test activities
● Continuously improve CoinDCX's security control framework
● Draft and implement handbook pages, procedures, and runbooks related to security compliance
● Direct internal & external audits
● Build and maintain security controls that map to CoinDCX security compliance requirements and provide implementation recommendations
● Peer review control test worksheets and provide feedback and guidance to Security Compliance Engineers
● Identify manual security compliance controls that can be improved through automation
● Design requirements for security compliance automation tasks
● Recommend new security compliance metrics and automate reporting of existing metrics
● Demonstrated experience with at least four security control frameworks (e.g. SOC 2, ISO, NIST, COSO, COBIT, etc.)
● Detailed understanding of how compliance works with cloud-native technology stacks
● Good understanding of implementing and managing emerging regulatory & compliance requirements

Job requirements

● 2-10 years of prior experience in information security, specializing in the Governance, Risk, and Compliance function.

● Detailed knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as ISO 27001/2, ISO 27017, ISO 27018, SOC 2, HIPAA, GDPR, PCI, SOX, etc.

● Detailed knowledge of audit methodologies and standard deliverables

● Experience in defining and shaping various compliance programs, liaising with internal business requirements and external regulatory requirements.

● Industry-recognized expert at building, maintaining, and improving compliance programs from the ground up, partnering with internal and external stakeholders.

● Good understanding of the types of information security risk, including but not limited to vendor and third-party risk.

● Direct experience of successful first-time external certification and attestation audits for CoinDCX

● Working knowledge of how compliance works with cloud-native technology stacks