The Role
The Infosec GRC Associate II is responsible for audit compliance, risk assessment, and vendor management related to PCI DSS and ISO 27001 standards, collaborating with internal teams and stakeholders.
Summary Generated by Built In
About us Build the future of banking.
Zeta is a next-generation banking technology company providing cloud-native, fully stackable processing and core banking platforms for issuers. With a focus on scalability, compliance, and innovation, Zeta empowers financial institutions to modernize their technology infrastructure and deliver secure, seamless digital banking experiences.
Our impact runs at real-world scale. Today, over 25 million cards are live on Zeta-powered platforms across 7 countries, supported by a passionate team of 1,700+ Zetanauts across India, the US, EMEA, and Asia. Backed by SoftBank Vision Fund, Mastercard, and other reputed strategic investors, we reached a valuation of $2 billion in 2025.
Our focus is on establishing product lines that focus on key outcomes by addressing real customer pain points, modernizing legacy systems, and strengthening core fundamentals. As a result, our systems and platforms support a wide range of banking and payments capabilities, including:
1. Tachyon, our cloud-native banking stack built for population-scale systems
2. Cipher, our unified authentication platform for secure, high-volume banking environments
3. Digital Credit as a Service, enabling banks to launch credit lines on UPI
4. Elena, our intelligent and conversational AI platform for banking
5. Pixel, India’s first digital-native credit card, launched in partnership with HDFC Bank, for whom we also revamped their PayZapp mobile app: Winner of the Celent Model Bank Award for Payments Innovation 2024
6. Sparrow, the leading card experience for non-prime cardholders in the US
…and more across cards, payments, lending, and core banking.
We are an engineering-first organization that values ownership, bias for action, and long-term thinking. Together, we solve some of the hardest problems in banking tech. Our culture is built around trust, collaboration, and creating the conditions for you to drive impact proportionate to your potential. Reinforcing our commitment to creating an inclusive and supportive workplace, we have been consistently recognized as a Great Place to Work.
If you want to build cutting-edge banking tech that enables banks to serve millions reliably, securely, and at a population scale, Zeta is your playground.
If you would like to learn more about how we have grown and evolved over the years, watch our journey here. You can also explore our website and follow us on LinkedIn, Instagram,YouTube, and X.
Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success.
The Role:
This role is part of the Information Security Process and Compliance Team of Zeta. The Sr. Associate of InfoSec Audit and compliance is responsible for preparing and supporting PCIDSS, ISO 27001 and SOC external Audits. Actively participate, strengthen and improve Internal Audit process and provide assurance on internal technology and process compliance. Collaborate with the Cloud and Product security team to drive Risk and compliance goals.
Responsibilities
- Work with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
- Assess the network architecture and or reviews the Firewall rulesets, Network devices/appliances to see if they are aligned with the PCI control requirements and recommends compensatory controls where necessary.
- Execute operational activities to support audit and compliance activities including technical validation processes.
- Conduct PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment.
- Effectively multi-tasks on multiple assignments and deliverables.
- Actively accepts individual and team responsibilities to meet commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Discuss the SOP document with all relevant stakeholders - right from process owner to the BU functional heads Detailed understanding of SOC reports (SOC2, Type 1, 2), ISMS reports and ability to relate the IT General Controls, IT Application Controls, Cyber Controls to the SOC framework.
- Develop and Maintain Vendor Risk Management /Third Party Risk Management Program including Vendor Onboarding Audit, Periodic Vendor Assessment, Maintain TPRM Database.
- Review and implement controls and policies as per RBI and other regulatory requirements. Maintain ISMS framework, evaluate effectiveness of implemented controls and provides recommendations for improvement.
- Facilitate Client Due - Diligence in collaboration with Business.
- Develop and Maintain Enterprise Risk Assessment framework.
- Perform Internal Assessment against various Standards to ensure the established policies are being followed and prepare internal reports.
- Contract review and providing responses to client Request for Proposal (RFP)
Skills
- Good Understanding of Technology Risk Assessment Frameworks and Application risk Assessment.
- Good Understanding and hands on experience on PCI DSS Standard and various PCI compliance is must.
- Experience of working in the Banking or Payment sector is preferred.
- Hands-on experience with various Audits and Standards Such as ISMS, SSAE 18, ISO 27001,ISO 31000, ISO 22301, CSA Star, NIST Risk framework, PCI DSS, PCI 3DS, PCI PA-DSS/SSF, PCI S3 etc.
- Good to have Information Security Certifications like CISA, CISM, CISSP etc.
- Experience of Vendor Risk Assessment and responding to client Request for Proposal(RFP).Excellent written and oral communication and penchant for technical documentation
Experience and Qualifications
- 2 - 5 years of experience in Information Security and Compliance in medium tolarge-sized companies.
- Bachelor of Technology (BE/B.Tech),M.Tech or ME in Computer Science, MCA or equivalent.
Top Skills
Csa Star
Isms
Iso 22301
Iso 27001
Iso 31000
Nist Risk Framework
Pci 3Ds
Pci Dss
Pci Pa-Dss/Ssf
Pci S3
Soc
Ssae 18
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Founded in 2015, Zeta is a provider of next-gen credit card processing platform. Zeta’s cloud-native and fully API-enabled stack offers a comprehensive range of capabilities, including processing, issuing, lending, core banking, fraud detection, and loyalty programs. With a strong focus on technology, Zeta has over 1700+ employees and contractors, with more than 70% dedicated to technology roles. Operating across the US, UK, Middle East, and Asia, Zeta has served a global customer base of 35+ clients who have issued over 15 million cards on Zeta's platform to date. Backed by prominent investors such as Softbank Vision Fund 2 and Mastercard, Zeta has raised $280 million, at a valuation of $1.5 billion.
.png)
