Senior Analyst I IT Governance
Who we are:
grofers is leading the charge in transforming India’s vast, unorganised grocery landscape through cutting-edge technology and innovation. We believe every Indian deserves the opportunity to continually improve their life – a process that often begins at home. As part of our mission of helping consumers make healthier, better choices when buying everyday products, we make a wide range of high-quality grocery and household products accessible, affordable, and available right at their doorsteps.
Built on a proprietary technology stack, the grofers platform serves as a convergence of consumers looking for everyday essentials, partner stores who serve their needs efficiently, and manufacturers looking for a channel to reach a nation of consumers. While our technology caters to the burgeoning population of urban India, it is ready and poised to serve the next 100+ million Indians who are yet to start shopping online.
We believe the ecosystem we power can transform the lives of a billion Indians significantly over the coming decade. They will have access to everyday essentials like groceries at the best value, be able to discover products that improve their health and wellbeing, and spend more meaningful time with their families – with the assurance that their essential needs are being looked after by us. On the other side of this virtuous cycle are the millions of local businesses catering to a nation’s needs, helping create more opportunities for employment, growth, and above all, a better life.
It's a $600 Billion challenge to solve, which is why we are looking at hiring smart, articulate and ambitious individuals to be a part of the team building the future at grofers. If this seems exciting to you, join us! Read more about us here.
Why you will love working with us:
- Customer love: We always put the interests of customers ahead of our own. We work hard to earn and keep their trust, and to bring them delight
- Bias for action: We dream big, take risks and have a strong bias for action. In difficult situations we make sound decisions and take thoughtful action
- Frugality: We are always looking for ways to do more with less - by creating the highest leverage possible with our time, as well as resources
- Confidence: We are tenacious and optimistic, and do not take no for an answer. Our people are quietly confident and openly humble
- Challenge status-quo: We are candid, authentic and transparent. We speak our mind, make connections that others miss and take smart risks
- Learner’s mindset: We keep learning and evolving to be able to meet our audacious goal of empowering every Indian to lead a better life
About the team:
IT Governance & Compliance is a never ending journey of keeping grofers products safe and trusted for customers. The mission of our IT Governance Team is to maintain a healthy compliance posture, audit and improve technology systems, and ensure a strong culture of compliance and risk management at grofers.
We do this by transforming our infrastructure and processes to make compliance as simple as possible, embedding risk management techniques in development and operations workflows as much as possible and educating teams about secure practices. We gravitate towards building the right systems for long term sustainable solutions. We own the IT risk management program including activities such as internal audits, continuous risk assessment of IT landscape (financial, data, security), consulting for and educating technology teams about risk.
About the role:
As a Senior Analyst, you will be responsible for managing projects, ensuring that you and your team timely deliver those projects while keeping all relevant stakeholders informed about requirements and progress. You will be expected to be a change agent in the organization to make sure that we are proactively mitigating risks.
What you will do:
- Work with operations and functional teams to ensure financial, security and data risk initiatives are understood and implemented. Work as a partner with teams to mitigate risks.
- Pro-actively analyze existing operations policies, processes, systems, controls and training material to assess areas for improvement in respect of GRC and data protection, and make recommendations to leadership for change.
- Work with our legal, finance and data teams to identify regulatory requirements across jurisdictions related to privacy and data protection.
- Develop and support a framework for monitoring and reporting ongoing compliance with regulation and standards.
- Execute internal privacy and compliance audits including documentation of audit scope, process understanding, risk & control identification, and testing strategies.
- Research on developments in privacy laws, other IT related regulations and maintain high-level understanding of e-commerce specific regulations and laws. Be a subject matter expert and advise the organization on all things risk.
- Understand the data infrastructure and prepare a plan for data governance and compliance. Update the data governance plan on a periodic basis in alignment with the leadership.
- Performing periodic audit activities such as rationalisation of technology and business controls, user access reviews, policy review and internal audits.
- Supporting the external and internal audit teams by coordinating with multiple stakeholders such as technology, security, finance, business and legal teams.
- Follow up with stakeholders on the due findings and remediations to drive closure. Complete testing of remediation actions confirmed as closed by the business.
- Through continuous monitoring, keep up to date with risks, issues and changes across relevant business units and use this knowledge to amend the audit approach where necessary.
- Ad-hoc work on company-wide projects around new processes or activities, investigation of incidents and due diligences for external stakeholders and investors
- Develop and monitor governance models for technology function with the leadership.
- Constantly be on top of regulatory requirements for Grofers. Plan execution of adhering to regulations with various stakeholders.
EXPERTISE AND QUALIFICATIONS
What you need:
- First and foremost, you must have a passion for GRC and data privacy
- 3-6 years of experience in IT Risk Management and Data Privacy.
- Experience of managing GRC projects with a team of analysts.
- Experience in IT Risk Assessment and Management, IT Audits, Data Privacy Audits.
- Excellent with data analysis using Excel.
- Some experience with SQL since you will be spending a lot of time analyzing SQL queries during internal and external audits.
- The desire to develop your skills in a fast-moving company. We are a startup. We are looking for people who can own problems end-to-end and are ready to learn anything required to get the job done. We will support you in this process from training to opportunities that expose you to different scenarios for your holistic development.
- Demonstrable Privacy and Data Protection experience, ideally gained in a digital business.
- Professional certifications related to GDPR, Privacy (e.g., CIPP) or others such as CISA / ISO27001 LA etc are preferable.
- Ability to work in a cross-functional, cross-cultural matrix environment.
- Strong analytical skills with the ability to develop and apply pragmatic solutions to complex legal / regulatory matters.
- Excellent stakeholder management and influencing skills
Good to have:
- Understanding of technologies and techniques such as DLP, DRM, data masking, tokenization and data classification.
- Experience with data analysis using SQL or Python.
- Experience with quantitative risk modelling techniques.
Excited? You will be, once you visit our Engineering Blog where you can deep dive into all the cool stuff that our engineers have been working on.