Ocrolus is hiring a
Senior Security Advisor in India

🏢 Ocrolus
💵 ~$110k-$180k
📍India
📅 Posted on Jun 15, 2024

Summary

At Ocrolus, a high-growth fintech startup, the candidate will maintain security policies, conduct risk assessments, implement security controls, manage compliance monitoring, handle external audits, develop cybersecurity training programs, and work with engineering teams to ensure secure infrastructure. The ideal candidate has 5-8 years of experience in a GRC role, understanding of regulatory compliance requirements, and experience with SOC 2, ISO 27001, PCI DSS, GDPR, CCPA, and AWS. Ocrolus offers benefits such as remote work, professional development opportunities, and wellness programs.

Requirements

  • 5-8 years of working experience in a GRC role
  • Excellent understanding of regulatory compliance requirements
  • Experience in evaluating and implementing SOC 2, ISO 27001, and PCI DSS
  • Experience documenting policies and procedures, attention to detail, and analytical skills
  • Experience in risk assessment methodologies, tools, and technical risk assessments
  • Practical experience or a solid conceptual understanding of the AWS cloud platform to define controls for cloud environments and recommend best practices. (Certification is a plus)
  • Experience in implementing security controls to address requirements of privacy regulations, including GDPR, CCPA, and other international regulations
  • Experience in developing test plans, testing security controls, and internal audit
  • Ability to communicate with various stakeholders effectively across the organization
  • Ability to prioritize identified areas for improvement and propose practical solutions
  • Ability to work in a remote environment with teams in India and in the United States
  • Excellent verbal and written communication skills (in English)
  • Desire to continuously seek and update technical security skills as required for the job
  • Being proactive and able to work with little direct supervision

Responsibilities

  • Maintain security policies, procedures, standards, checklists, and other necessary documentation
  • Conduct gap assessments and implement/mature security processes and controls in line with industry frameworks and regulations
  • Conduct comprehensive risk assessments, including technical security risks, threat modeling, and compliance evaluations
  • Develop and implement mitigation strategies to address identified risks
  • Perform periodic due diligence and risk assessment for vendors and sub-processors
  • Own the compliance monitoring program for security controls. Communicate with and present to Senior Management on progress and testing results
  • Manage external compliance audits and other reviews, working with audit firms and internal parties
  • Respond to customer due diligence requests; attend customer calls (if required) and work closely with customer-facing teams on security-related matters
  • Develop and deliver cybersecurity training and awareness programs to educate employees on security best practices and compliance
  • Track compliance requirements and contractual obligations related to security
  • Monitor and track relevant metrics for the security program's effectiveness
  • Work closely with all engineering and product teams to ensure consistent and practical implementation of requirements for the Ocrolus infrastructure

Preferred Qualifications

  • Security certifications such as CISSP, CRISC, and AWS certifications
  • Knowledge of the financial services domain (mortgage, lending, etc.)

Benefits

  • Remote work
  • Professional development opportunities
  • Wellness programs