Manager - Information Security (Governance, Risk and Compliance)

About the Team

At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams.

Our mission: Protect what powers Navi - securely, compliantly, and confidently.

About the Role

Navi is looking for an Associate Manager II – Information Security to pilot key aspects of its group-wide information security and regulatory compliance program. This role involves interpreting and implementing information security and technology risks mandates from regulators such as RBI, IRDAI, SEBI, and NPCI, ensuring continuous tech compliance across all business units. You will collaborate closely with engineering, infrastructure, legal, and IT teams to establish and maintain robust security policies, frameworks, and controls. Additionally, the role includes conducting risk assessments, enabling audit readiness, managing third-party/vendor security audits, and driving awareness initiatives across the organization, while also representing Navi in internal and external forums when needed.

What We Expect From You

• As Navi operates in the regulatory space, this role requires interpreting and helping implement regulations related to cyber security by Reserve Bank of India (RBI), IRDAI and SEBI, as well as any other applicable regulatory guidance related to the service offerings issued by relevant institutions.
• Further to the point above, ensure on-going monitoring and tech-compliance with existing regulatory expectations across these dimensions
• Lead the Information security - GRC practice for Navi group level.
• Ensuring that information security principles, policies, frameworks, standards and controls are defined, implemented and managed effectively.
• Partner and collaborate extensively with cross-functional teams, such as Engineering, Infrastructure, IT, Legal, and help minimize information security risks
• Architect and deliberate on the solutions that are compliant with relevant regulatory cybersecurity requirements
• Conduct and review results of Technology Risk Assessment, recommending mitigation strategies to bring the Risk to appropriate levels Nav is looking for a Senior Manager Information Security (GRC) to be part of the information security
• Ensure readiness of the organization for internal and external audits by keeping all documents, evidences, ready
• If required, represent Navi in Board and Board Committee meetings, as well as in discussions with regulators
• Conduct Security awareness programs, train personnel on data security & privacy related processes and responsibilities
• Review / conduct Third Party Risk Assessments & Vendor assessments before onboarding
• Review security solutions / controls implemented by Tech / Engineering teams, controls at data center,
• cyber / information security incidents, IT BCP and DR drills, cloud security controls
• Identify and define Security KPIs including weekly, monthly reports and update Security Dashboards

Must Haves

• Minimum 7
  + years of experience
  working in information security GRC
• Prior experience in the
  Fintech/Startup industry
  and knowledge of one of the regulatory compliances like
  PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline
  is preferred.
• Hands-on approach in solving complex security problems
• Experience with
  Information Security & Risk Management frameworks
  like ISO27001, NIST SP 800-37, etc Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks
• Working knowledge of Cloud environments like
  AWS, GCP, Oracle cloud
  is beneficial
• Exposure to
  Agile methodologies, DevOps, Cloud technologies
  is beneficial

Soft Skills

• Ability to multitask and meet deadlines, and to prioritize in a highly dynamic work environment
• Ability to balance risk, potential impact, resourcing, business drivers, and timelines
• Excellent verbal and written communication skills
• Strong Product Thinking
• Strong problem solving
• Business acumen
• Technology grounding
• Strategic thinking
• Strong written and verbal communication skills with a talent for articulating.

Inside Navi

We are shaping the future of financial services for a billion Indians through products that are simple, accessible, and affordable. From Personal & Home Loans to UPI, Insurance, Mutual Funds, and Gold - we're building tech-first solutions that work at scale, with a strong customer-first approach.

Founded by
Sachin Bansal & Ankit Agarwal
in 2018, we are one of India's fastest-growing financial services organisations. But we're just getting started

Our Culture

The Navi DNA

Ambition. Perseverance. Self-awareness. Ownership. Integrity.

We're looking for people who dream big when it comes to innovation. At Navi, you'll be empowered with the right mechanisms to work in a dynamic team that builds and improves innovative solutions. If you're driven to deliver real value to customers, no matter the challenge, this is the place for you.

We chase excellence by uplifting each other and that starts with every one of us.

Why You'll Thrive at Navi

At Navi, it's about how you think, build, and grow. You'll thrive here if:

• You're impact-driven :
  You take ownership, build boldly, and care about making a real difference.
• You strive for excellence :
  Good isn't good enough. You bring focus, precision, and a passion for quality.
• You embrace change :
  You adapt quickly, move fast, and always put the customer first.