- Customer love: We always put the interests of customers ahead of our own. We work hard to earn and keep their trust, and to bring them delight
- Bias for action: We dream big, take risks and have a strong bias for action. In difficult situations we make sound decisions and take thoughtful action
- Frugality: We are always looking for ways to do more with less – by creating the highest leverage possible with our time, as well as resources
- Confidence: We are tenacious and optimistic, and do not take no for an answer. Our people are quietly confident and openly humble
- Challenge status-quo: We are candid, authentic and transparent. We speak our mind, make connections that others miss and take smart risks
- Learner’s mindset: We keep learning and evolving to be able to meet our audacious goal of empowering every Indian to lead a better life
- Work with operations and functional teams to ensure financial, security and data risk initiatives are understood and implemented. Work as a partner with teams to mitigate risks.
- Proactively analyze existing operations policies, processes, systems, controls and training material to assess areas for improvement in respect of GRC and data protection, and make recommendations to leadership for change.
- Work with our legal, finance and data teams to identify regulatory requirements across jurisdictions related to privacy and data protection.
- Develop and support a framework for monitoring and reporting ongoing compliance with regulation and standards.
- Execute internal privacy and compliance audits including documentation of audit scope, process understanding, risk & control identification, and testing strategies.
- Research developments in privacy laws and other IT-related regulations, and maintain a high-level understanding of e-commerce-specific regulations and laws. Be a subject matter expert and advise the organization on all things risk.
- Understand the data infrastructure and prepare a plan for data governance and compliance. Update the data governance plan on a periodic basis in alignment with the leadership.
- Perform periodic audit activities such as rationalisation of technology and business controls, user access reviews, policy review and internal audits.
- Support the external and internal audit teams by coordinating with multiple stakeholders such as technology, security, finance, business and legal teams.
- Follow up with stakeholders on the due findings and remediations to drive closure. Complete testing of remediation actions confirmed as closed by the business.
- Through continuous monitoring, keep up to date with risks, issues and changes across relevant business units and use this knowledge to amend the audit approach where necessary.
- Ad-hoc work on company-wide projects around new processes or activities, investigation of incidents and due diligence for external stakeholders and investors.
- Develop and monitor governance models for the technology function with the leadership.
- Constantly be on top of regulatory requirements for Grofers. Plan the execution of regulatory adherence with various stakeholders.
- 1-3 years of experience in IT Risk Management and Data Privacy.
- Experience in IT Risk Assessment and Management, IT Audits, Data Privacy Audits.
- Excellent with data analysis using Excel.
- Some experience with SQL since you will be spending a lot of time analyzing SQL queries during internal and external audits.
- The desire to develop your skills in a fast-moving company. We are a startup. We are looking for people who can own problems end-to-end and are ready to learn anything required to get the job done. We will support you in this process from training to opportunities that expose you to different scenarios for your holistic development.
- Demonstrable Privacy and Data Protection experience, ideally gained in a digital business.
- Professional certifications related to GDPR, Privacy (e.g., CIPP) or others such as CISA / ISO27001 LA etc. are preferable.
- Ability to work in a cross-functional, cross-cultural matrix environment.
- Strong analytical skills with the ability to develop and apply pragmatic solutions to complex legal / regulatory matters.
- Excellent stakeholder management and influencing skills
- Understanding of technologies and techniques such as DLP, DRM, data masking, tokenization and data classification.
- Experience with data analysis using SQL or Python.
- Experience with quantitative risk modelling techniques.