Manager Information Security; Cyber GRC

Position: Manager Information Security (Cyber GRC)
The world's top banks use Zafin's integrated platform to drive transformative customer value. Powered by an innovative AI-powered architecture, Zafin's platform seamlessly unifies data from across the enterprise to accelerate product and pricing innovation, automate deal management and billing, and create personalized customer offerings that drive expansion and loyalty.

Zafin empowers banks to drive sustainable growth, strengthen their market position, and define the future of banking centered around customer value.

What is the Opportunity

Zafin is seeking a Cyber GRC Specialist to join our cybersecurity team. The successful candidate will be responsible for developing and maintaining governance, risk, and compliance (GRC) frameworks, conducting cyber risk assessments and audits, and ensuring that the organization adheres to regulatory requirements and industry standards. The Cyber GRC Analyst will collaborate with internal teams and clients to mitigate cyber risks and ensure that cybersecurity policies are enforced.

The role requires strong knowledge of cyber risk management, compliance practices, and GRC tools.

Job Mandate :

Governance, Risk, and Compliance (GRC ):
Frameworks:
Develop and implement governance, risk, and compliance frameworks for cybersecurity. Ensure that frameworks are aligned with industry standards, regulatory requirements, and internal policies. Continuously improve the GRC process to enhance risk management and compliance across the organization. Be an owner for Trust Center and Cyber GRC controls under the overall controls framework.
Cyber Risk Assessments and Audits :
Conduct comprehensive cyber risk assessments and support internal audits to evaluate security controls, processes, and compliance. Identify gaps in cybersecurity practices and recommend remediation measures. Provide evidence and documentation to internal audit teams and clients for certifications and compliance audits.
Vendor Risk Assessments:  Perform vendor risk assessments, focusing on information security and cybersecurity practices. Provide input to clients and internal teams on vendor risk and ensure that vendors meet cybersecurity requirements.
Regulatory Compliance Monitoring:  Monitor changes in cybersecurity regulations, industry standards, and best practices. Ensure that the organization remains compliant with relevant laws and regulatory requirements. Update policies and procedures to reflect these changes and provide training to relevant stakeholders.
Cybersecurity Policy Development and Maintenance:  Develop, review, and maintain all cybersecurity-related policies and procedures. Ensure policies are communicated to all employees and are integrated into day-to-day operations. Regularly review and update policies to adapt to emerging threats and new regulations.
Reporting and Risk Mitigation:  Prepare reports on the status of cybersecurity risks, compliance levels, and vendor assessments. Work with cross-functional teams, including IT, security, legal, and compliance, to develop strategies to mitigate identified risks and improve the organization's cybersecurity posture.

What do I need to succeed

Must have:

Bachelor's degree in computer science, Information Security, or a related field
Strong knowledge of GRC frameworks (e.g., NIST, ISO 27001, GDPR, etc.)
Minimum 6 years of experience in cybersecurity risk, governance, or compliance
Experience conducting risk assessments and audits
Experience working on Azure Environment
Experience in Vendor Risk Management (Information Security focus)

Few of the following certifications:

Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Systems Security Professional (CISSP)
ISO/IEC 27001 Lead Auditor or equivalent
Experience using GRC tools for risk and compliance tracking

What's in it for you

Joining our team means being part of a culture that values diversity, teamwork, and high-quality work. We offer competitive salaries, annual bonus potential, generous paid time off, paid volunteering days, wellness benefits, and robust opportunities for professional growth and career advancement. Want to learn more about what you can look forward to during your career with us Visit our careers site and our openings:

Zafin welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Zafin is committed to protecting the privacy and security of the personal information collected from all applicants throughout the recruitment process. The methods by which Zafin contains uses, stores, handles, retains, or discloses applicant information can be accessed by reviewing Zafin's privacy policy at  By submitting a job application, you confirm that you agree to the processing of your personal data by Zafin described in the candidate privacy notice.