GRC Lead
Aspire is the leading all-in-one finance operating system for growing businesses in APAC. We are on a mission to reinvent business finance for a new generation of entrepreneurs and business owners, empowering startups and MSMEs to realise their full potential.
Founded in 2018, Aspire has raised over USD 300M across equity and debt from world-class investors. In 2023, we successfully closed an oversubscribed USD 100 million Series C equity round led by Sequoia Capital and Lightspeed Ventures with participation from Tencent, PayPal Ventures, LGT Capital Partners, Picus Capital and MassMutual Ventures. To power our solutions, we have partnered with some of the best companies in the world such as Visa and Wise and helped more than 50,000 businesses using our suite of products.
For 2 consecutive years in 2022 & 2023, Aspire has been awarded Best Employer of the Year and Startup of the Year by Asia FinTech Awards, and also LinkedIn’s Top Startup in Singapore. In 2023, we also made it to CB Insights’ Top 100 Global Fintech List.
You will be amazed by the energy and experience of our team! Aspire serves as an environment for you to innovate and drive change with our team of ex-entrepreneurs, ex-founders, and high-achievers with international and diverse backgrounds.
Are you a top talent who is passionate about entrepreneurship? Join our rapidly growing team to make an impact in the fintech space!
At Aspire, we recognize that data and infrastructure security are paramount to the success and trust of our customers. Our Security Team is at the forefront of protecting and securing our systems, ensuring compliance with industry best practices, and continuously learning and evolving to stay ahead of emerging threats. Our emphasis extends to data privacy, seamlessly integrating it into our security initiatives.
About the role:
As the Governance, Risk, and Compliance (GRC) Lead, you will be hands-on in driving IT certification, audit and licensing efforts within Aspire and its subsidiaries. You will report to Aspire’s Head of Information Security and will have the exciting opportunity to be part of a fast-growing team in one of the top 100 fintech companies globally!
- Global Governance:
  - Create, maintain, and periodically review IT security policies, procedures, guidelines, and frameworks in accordance with industry standards.
  - Help to align IT/security solutions and infrastructure with MAS TRM, MAS Cyber Hygiene, PDPA, PCI-DSS, SOC2, ISO 27001, GDPR, DORA, CCPA, PDPO, CFI, Privacy Act 1988 and ACSC Essential Eight.
- Risk Management:
  - Create and conduct risk assessments and drive other IT/security-related activities and projects to identify vulnerabilities.
  - Run the IT Risk committee.
  - Monitor the organization's risk posture and ensure mitigation strategies are in place.
- Vendor Due Diligence:
  - Perform thorough due diligence on third-party vendors, assessing their security posture, compliance with relevant regulations, and overall risk level before onboarding.
  - Regularly review vendor risk profiles and monitor them for any changes that could impact the organization.
- Compliance:
  - Ensure compliance with practices and standards, particularly concerning MAS TRM, MAS Cyber Hygiene, PDPA, PCI-DSS, SOC2, ISO 27001, GDPR, DORA, CCPA, PDPO, CFI, Privacy Act 1988 and ACSC Essential Eight.
  - Conduct and drive audits, penetration tests, and other compliance efforts, addressing findings effectively.
- Collaboration:
  - Liaise with internal and external auditors, and directly with regulatory bodies across the region as well as in the EU, US, AU, JP, HK and UK, to ensure full compliance with technology-related requirements.
  - Collaborate and drive cross-departmental communication and full compliance with technology risk requirements across the whole technology stack.
- Reporting:
  - Provide regular, precise and condensed updates to stakeholders about the company's GRC status and initiatives.
  - Produce actionable reports based on audits, risk assessments and compliance efforts, with key points, milestones, ETAs and high-level considerations.
- Continuous Improvement:
  - Drive information security awareness campaigns tailored to regulatory requirements and standards.
  - Stay updated with the latest changes and best practices in MAS TRM, MAS Cyber Hygiene, PDPA, PCI-DSS, SOC2, ISO 27001, GDPR, DORA, CCPA, PDPO, CFI, Privacy Act 1988 and ACSC Essential Eight and implement these into the organization.
Minimum qualifications:
- A degree in Technology, Engineering, MBA or a related qualification.
- Proven experience in cybersecurity and GRC, with direct contact with a regulatory body.
- Minimum of 7 years of experience in the GRC sector.
- Strong understanding of at least PCI-DSS, SOC2, and ISO 27001.
- Proven experience creating and driving risk governance, policies and procedures from scratch.
- Ability to navigate several projects at the same time with tight deadlines.
- Very strong communication skills in English, proficient in conveying complex technical and regulatory details in a structured and concise way.
- Able to condense complex topics into a well-organized and visually appealing slide deck for senior management.
- Collaborative team player, eager to work across departments to ensure full compliance.
Preferred qualifications:
- Familiarity with MAS TRM, MAS Cyber Hygiene, PDPA.
- Worked in MAS-regulated environments.
- Relevant certifications such as CISM, CISA, CISSP, PCI QSA or ISO 27001 Lead Auditor are highly desirable.
- Strong experience also in MAS TRM, MAS Cyber Hygiene, PDPA, GDPR, DORA, CCPA, PDPO, CFI, Privacy Act 1988 and ACSC Essential Eight.
- This will be a hybrid position (2 days in office) based in Gurgaon or Bangalore.
What we offer
- Uncapped flexible annual leave.
- Hybrid work arrangement.
- Training subsidy for your professional growth.
- Wellness benefit.
- Team bonding budget to foster collaboration and sense of belonging.
- Flexibility to work from anywhere (for up to 90 days per annum).
- Culture is Key: We always strive to cultivate a special culture that brings special talents together - You can learn more about our culture on our careers site and LinkedIn Life page.
Equal Opportunity Statement
Aspire is an equal opportunity employer and is committed to providing equal employment opportunities to all qualified individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected characteristic as outlined by applicable laws.
Please note: by submitting your application, you acknowledge that you have read and understood Aspire’s Data Protection Policy for Employees, Freelancers, Contractors and Job Applicants (the “Policy”), and consent to the collection, use and disclosure of your personal data by Aspire for the purposes set out in the Policy. You may withdraw consent for such collection, use and disclosure, and make an access or correction request in respect of your personal data, in accordance with the Policy by emailing people@aspireapp.com.