What you'll do:
Develop, implement, maintain and oversee enforcement of policies, procedures, standards and associated plans based on industry-standard best practices (ISO 27001, NIST, PCI-DSS, etc.).
Establish, operate, and further develop compliance and risk management processes for Flipkart services in alignment with Group Security frameworks and business processes.
Organize, conduct and perform technology and information security risk assessments, M&A security governance to identify and evaluate risks in technology delivery areas and staff functions.
Act as a security advocate, supporting business owners' requests related to security (evaluate policy exception requests, complete third-party security assessment).
Perform technology security reviews on application, infrastructure and cloud security.
Identify, document and maintain the information security risk register and report to the security lead and other stakeholders.
Design requirements for security compliance automation tasks and influence security control automation efforts, security and compliance at scale.
Represent the security posture of Flipkart in internal and external audits.
Drive security awareness and conduct regular training on Flipkart's security policy and standard requirements through training, communication, and workshops.
Develop metrics that demonstrate the current risk state, indicators of progress, and business alignment.
Establish regular reporting mechanisms for measuring compliance and performance of Management projects.
What you'll need:
Bachelor's degree in Computer Science, Information Security, Engineering, or related field or equivalent experience
At least 8 years of working experience related to information security practices with a minimum of 4 years in GRC domains.
Possession of information security certifications, such as CISSP/CISM/CCSP/CRISC/CISA/CCSK
Excellent understanding & experience of security policy management, security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI-DSS, SOX and SOC2.
Knowledge and skill set with modern cloud infrastructure including SaaS, PaaS, IaaS, containerization, serverless technologies, network security, endpoint security, data protection, and incident response.
Solid understanding of data privacy and data security principles and best practices
Effective at working as part of a collaborative, cross-functional team.
High sense of ownership, urgency, and drive.
Ability to establish credibility and earn trust with a variety of Stakeholders and Leadership
Senior level written and verbal communication skills
Ability to work well, collaborate, and lead within a team environment
An entrepreneurial spirit with the ability to drive innovation independently.
Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
Passion to make things better and resourceful, solutions-based approach to partnership
Possess an understanding of core information security principles and associated risk management principles
Have extensive experience with process improvement, building, and strategic development
Experience with large enterprise environments
Experience with products and services
Experience with cross-organizational collaboration and negotiation
Keyskills: Security Engineering, CCSP, CCSK, CISSP, Information Security, GRC, Control Automation, CISA, CRISC, CISM