IT Governance & Compliance is a never-ending journey of keeping Grofers products safe and trusted for customers. The mission of our IT Governance Team is to maintain a healthy compliance posture, audit and improve technology systems, and ensure a strong culture of compliance and risk management at Grofers.
We do this by transforming our infrastructure and processes to make compliance as simple as possible, embedding risk management techniques in development and operations workflows as much as possible, and educating teams about secure practices. We gravitate towards building the right systems for long-term, sustainable solutions. We own the IT risk management program, including activities such as internal audits, continuous risk assessment of the IT landscape (financial, data, security), and consulting for and educating technology teams about risk.
About the role:
As an Analyst on the IT Governance team, you will be responsible for providing technical expertise with respect to technology risk, data privacy risk and financial risk in various product and platform engineering initiatives. You will drive application and infrastructure level architectural changes with counterparts on other technology teams to strengthen security & compliance, and ensure compliance with regulations and governance in alignment with business and technology strategy. You will also be involved in driving the compliance and regulatory projects aimed at achieving compliance and certifications such as ISO27001, data privacy related compliance, etc.
What you will do:
- Work with operations and functional teams to ensure financial, security and data risk initiatives are understood and implemented. Work as a partner with teams to mitigate risks.
- Proactively analyze existing operations policies, processes, systems, controls and training material to assess areas for improvement with respect to GRC and data protection, and make recommendations to leadership for change.
- Work with our legal, finance and data teams to identify regulatory requirements across jurisdictions related to privacy and data protection.
- Develop and support a framework for monitoring and reporting ongoing compliance with regulation and standards.
- Execute internal privacy and compliance audits including documentation of audit scope, process understanding, risk & control identification, and testing strategies.
- Research developments in privacy laws and other IT related regulations, and maintain a high-level understanding of e-commerce specific regulations and laws. Be a subject matter expert and advise the organization on all things risk.
- Understand the data infrastructure and prepare a plan for data governance and compliance. Update the data governance plan on a periodic basis in alignment with the leadership.
- Perform periodic audit activities such as rationalisation of technology and business controls, user access reviews, policy review and internal audits.
- Support the external and internal audit teams by coordinating with multiple stakeholders such as technology, security, finance, business and legal teams.
- Follow up with stakeholders on the due findings and remediations to drive closure. Complete testing of remediation actions confirmed as closed by the business.
- Through continuous monitoring, keep up to date with risks, issues and changes across relevant business units and use this knowledge to amend the audit approach where necessary.
- Ad-hoc work on company-wide projects around new processes or activities, investigation of incidents and due diligence for external stakeholders and investors.
- Develop and monitor governance models for the technology function with the leadership.
- Constantly be on top of regulatory requirements for Grofers. Plan and execute adherence to regulations with various stakeholders.
EXPERTISE AND QUALIFICATIONS
What you need:
- First and foremost, you must have a passion for GRC and data privacy.
- 1-3 years of experience in IT Risk Management and Data Privacy.
- Experience in IT Risk Assessment and Management, IT Audits, Data Privacy Audits.
- Excellent with data analysis using Excel.
- Some experience with SQL since you will be spending a lot of time analyzing SQL queries during internal and external audits.
- The desire to develop your skills in a fast-moving company. We are a startup. We are looking for people who can own problems end-to-end and are ready to learn anything required to get the job done. We will support you in this process from training to opportunities that expose you to different scenarios for your holistic development.
- Demonstrable Privacy and Data Protection experience, ideally gained in a digital business.
- Professional certifications related to GDPR, privacy (e.g., CIPP) or others such as CISA / ISO27001 LA, etc. are preferable.
- Ability to work in a cross-functional, cross-cultural matrix environment.
- Strong analytical skills with the ability to develop and apply pragmatic solutions to complex legal / regulatory matters.
- Excellent stakeholder management and influencing skills.
Good to have:
- Understanding of technologies and techniques such as DLP, DRM, data masking, tokenization and data classification.
- Experience with data analysis using SQL or Python.
- Experience with quantitative risk modelling techniques.
Excited? You will be, once you visit our Engineering Blog where you can deep dive into all the cool stuff that our engineers have been working on.