Posted on: 30/01/2026
Description :
Principal Engineer GRC & Information Security
Experience : 8 to 12 Years
Location : Bangalore (In-Office)
Industry : Fintech / Cybersecurity / Enterprise Risk
Education : B.E. / B.Tech / MCA; Certifications like CISA or ISO 27001 Lead Auditor are highly desirable.
Role Summary :
We are seeking a high-caliber Principal Engineer specializing in Governance, Risk, and Compliance (GRC) to lead our information security audit and regulatory roadmap. In this senior leadership role, you will act as the "Security Architect of Trust," overseeing the independent auditing of our ISMS (ISO 27001) and ensuring rigorous compliance with PCI DSS and DPDP frameworks. You will leverage your deep expertise in infrastructure and application audits to identify systemic weaknesses and drive the automation of compliance workflows. The ideal candidate is a strategic lead who can translate complex regulatory requirements into actionable security policies while mentoring the team to maintain a robust organizational risk posture.
Responsibilities :
- Independent ISMS Leadership : Lead and conduct high-level independent audits of the Information Security Management System (ISMS) to validate its maturity and alignment with ISO 27001 standards.
- Internal Compliance Auditing : Act as the primary internal auditor for PCI DSS and DPDP compliance across the organization, ensuring data protection and payment security standards are met.
- GRC Strategy & Reporting : Prepare and present comprehensive risk posture and compliance status reports to senior management, providing data-driven insights into the organization's security health.
- Audit & Remediation Expertise : Apply advanced knowledge of IT Security, Application, and Infrastructure audits to pinpoint control gaps and design remedial actions.
- Compliance Automation : Drive an "Automation-First" culture by working with the engineering team to automate GRC workflows, monitoring, and evidence-collection processes.
- Standard Implementation & Maintenance : Lead the implementation of associated privacy controls for ISO 27701 and drive projects focused on regulatory initiatives like GDPR and the Digital Personal Data Protection (DPDP) Act.
- Policy Architecture : Develop, implement, and maintain clear, actionable security and privacy procedures that govern organizational data handling and access controls.
- IT Risk Management : Apply proven experience in vulnerability assessments and security control design to mitigate emerging threats across the tech stack.
- Audit Lifecycle Governance : Manage the full audit lifecycle, from developing comprehensive checklists to maintaining rigorous documentation for all compliance activities.
Technical Requirements :
- Senior Audit Experience : 8 to 12 years of progressive experience in IT Audit, Information Security, and Compliance.
- Standard Mastery : Proven track record in implementing ISO 27001, ISO 27701, and ISMS frameworks.
- Regulatory Depth : Strong working knowledge of PCI DSS, GDPR, and India's DPDP Act.
- Audit Execution : Demonstrable ability to conduct complex ISMS audits independently and set up security processes from scratch.
- Certification Proficiency : Expertise aligned with CISA or ISO 27001 Lead Auditor certifications.
Preferred Skills :
- Vulnerability Management : Experience collaborating with SOC/VAPT teams to align audit findings with technical vulnerability data.
- Tooling Expertise : Familiarity with GRC platforms (e.g., OneTrust, ServiceNow GRC, or Vanta) for automated compliance tracking.
- Fintech Experience : Prior exposure to high-growth fintech environments where payment security is paramount.
Core Competencies :
- Strategic Thinking : Ability to lead large-scale GRC projects that balance regulatory rigor with operational agility.
- Technical Credibility : Strong foundation in infrastructure security and application-level controls.
- Detail-Oriented : Meticulous oversight of audit documentation and evidence integrity.
- Collaborative Leadership : Ability to guide cross-functional teams toward a unified security and compliance goal.
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1608277