Posted on: 04/12/2025
Job Title : Application Developer Information Security & GRC
Experience Required : 10 to 12 years
Location : Chennai
Employment Type : Full-time
About the Role :
We are seeking an experienced Application Developer with a strong background in Information Security, Audit, and Governance, Risk & Compliance (GRC). The ideal candidate will have hands-on expertise in GRC platforms, attestation processes, control evidence management, and non-functional testing. You will work closely with cross-functional teams to ensure compliance with enterprise security frameworks and support audit readiness across large-scale application environments.
Key Responsibilities :
GRC & Security Compliance :
- Lead and manage attestation cycles, evidence collection, validation, and audit support for a large portfolio of applications.
- Ensure timely and accurate submission of control evidence in alignment with enterprise security policies and frameworks.
- Collaborate with compliance, audit, and security teams to interpret requirements and translate them into actionable tasks for application teams.
- Maintain deep understanding of security frameworks (e.g., ISO 27001, NIST, SOC2, PCI-DSS) and ensure application teams adhere to relevant controls.
- Monitor and track audit findings, risks, and remediation activities, ensuring closure within defined timelines.
GRC Tools & Architecture :
- Work extensively with GRC platforms such as Archer, ServiceNow GRC, or other enterprise tools to configure, run workflows, and manage evidence lifecycle.
- Contribute to enhancements in GRC architecture, workflows, and automation to strengthen compliance processes.
- Provide technical inputs for integrating applications with GRC systems for seamless attestation and reporting.
Audit & Evidence Management :
- Conduct end-to-end audit support activities, including scheduling, coordination, evidence review, gap identification, and documentation.
- Manage multiple concurrent audits with minimal supervision, ensuring quality, timeliness, and accuracy.
- Prepare and present audit observations, compliance dashboards, and risk summaries to senior leaders and governance committees.
Non-Functional Testing :
- Perform or coordinate non-functional testing (NFT) activities, including performance, scalability, reliability, and security-related assessments.
- Document NFT results, identify deviations, and work with engineering teams for remediation and optimization.
- Ensure non-functional requirements are embedded throughout software development and deployment cycles.
Collaboration & Stakeholder Management :
- Work closely with application owners, developers, product managers, and control owners to provide clarity on compliance deliverables.
- Conduct training sessions, workshops, and guidance sessions for application teams on attestation best practices and evidence preparation.
- Build strong partnerships with audit, risk, and compliance teams to promote accountability and continuous improvement.
Required Skills & Qualifications :
- 10+ years of hands-on experience in Information Security, IT Audit, GRC, or related domains.
- Strong working knowledge of GRC platforms such as Archer or ServiceNow GRC.
- Proven expertise in attestation management, evidence validation, and audit support.
- Experience with non-functional testing, including performance and security validations.
- Excellent analytical, documentation, and communication skills with the ability to simplify technical information for varied audiences.
- Strong understanding of enterprise security frameworks and associated controls.
- Ability to work independently and manage multiple audits simultaneously.
- Experience presenting to senior leadership and governance boards.
Posted in : CyberSecurity
Functional Area : IT Security
Job Code : 1584596