About the team
The Governance, Risk & Compliance team is a central part of the Information Security department, with primary responsibility for providing robust metrics, data-driven insights, and effective technologies for information security risk management. We aim to provide a structured approach that aligns information security with business objectives while effectively managing risk and meeting compliance requirements. The team is also responsible for ensuring that Myntra adheres to mandated statutory and industry information security requirements.
About the role
Myntra is seeking a skilled, motivated, and collaborative Information Security Engineer for its Governance, Risk & Compliance (GRC) practice. In this role, you will be a key member of the Information Security team, advancing the GRC practice by influencing business leaders across the Myntra enterprise.
You will serve as a subject-matter expert and mentor to the information security core team. You will be a strong communicator and influencer who is "customer" focused and curious to learn and understand the business.
What you’ll do:
- Implement and oversee enforcement of policies, procedures, standards, and associated plans based on industry best practices (ISO 27001, NIST, PCI DSS, etc.).
- Perform technology-based risk assessments, third-party risk assessments, M&A security governance, and exception management against Myntra standards for applicable scenarios, and manage risk down to an acceptable level.
- Perform technical security reviews of applications, infrastructure, and cloud environments.
- Maintain continuous compliance of user access management across networks, servers, and applications.
- Maintain continuous compliance of network, server, application, and workstation configurations against security and hardening standards.
- Prepare compliance reports and remediation details from periodic reviews of application, workstation, server, and network device configurations.
- Maintain continuous compliance of Data Loss Prevention (DLP) and CASB controls across all applications, infrastructure, and systems supporting Myntra operations, to prevent data leakage.
- Perform risk assessments of applications during the SDLC, and compliance checks related to access control and data sanitization.
- Identify, document, and maintain the information security risk register, and report on it to the security lead and other stakeholders.
- Provide monitoring and independent oversight of, and facilitate the execution and continuous improvement of, third-party risk management and M&A programs and processes.
- Influence security control automation efforts to deliver security and compliance at scale.
- Represent Myntra's security posture in internal and external audits.
- Drive security awareness and conduct regular training on Myntra's security policy and standard requirements through training sessions, communications, and workshops.
What you’ll need:
- Bachelor's degree in information technology or a related field.
- At least 3 years of work experience in information security practices, with a minimum of 1 year in GRC domains.
- Excellent understanding of and experience with security policy management and with security standards and frameworks such as CSA CCM, ISO 27001:2013, NIST CSF, PCI DSS, SOX, and SOC 2.
- Solid understanding of operational and organizational structures, experience in global, matrixed organizations, and experience in vendor and third-party risk management.
- Strong grounding in security principles such as least-privilege access, defense in depth, preventive vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
- Experience with agile approaches and with DevOps or DevSecOps, and an understanding of how they affect risk management and compliance.
- Information security certifications such as CISSP, CISM, CRISC, CEH, or ISO 27001.
- Experience in high-level and low-level design (HLD/LLD) review and in driving cross-functional programs.
- Excellent problem-solving, interpersonal, communication, and presentation skills.