Niva Bupa Health Insurance

Compliance / GRC Analyst

Noida, Uttar Pradesh, India | 26 Jun 2026 | DK2X0D

Job Description

Job Profile

Position:
Location: Noida
Reporting Mgr. Name: Sushil Kumar
Department: IT Operations
Reporting Mgr. Designation: Infrastructure Head
Offered Grade:

Our Purpose

At Niva Bupa, our purpose is “to give every Indian the confidence to access the best healthcare”.

Our Values

  • Commitment
  • Innovation
  • Empathy
  • Collaboration
  • Transparency

Proficiency Level

(Please Tick)

  • L1: HEAD OF FUNCTION/BUSINESS (Sr. Leadership Team)
  • L2: MANAGER OF MANAGER
  • L3: MANAGER
  • L4: INDIVIDUAL CONTRIBUTOR

About Niva Bupa Health Insurance Company

Niva Bupa Health Insurance Company Limited (formerly known as Max Bupa Health Insurance Company Limited) is a joint venture between Fettle Tone LLP (an affiliate of True North Fund VI LLP), a leading Indian private equity firm, and the Bupa Group, a leading international healthcare company with a legacy of providing specialized healthcare services for over 70 years.

Niva Bupa’s growth story has been phenomenal. We are one of the fastest-growing standalone health insurers in the country, with a current employee strength of 7000+ and a growth rate of 154% since FY 20 and growing. We are a fully integrated health insurance provider with in-house claims processing, underwriting and servicing. Our goal is to achieve more than 10000 Cr GWP by 2027, which requires goal-oriented individuals to be a part of this exciting growth journey.

Niva Bupa is certified Great Place to Work for the 3rd year running and aims to become one of the best workplaces in the BFSI industry.

Niva Bupa is an Equal Opportunity Employer committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. At Niva Bupa 12% of our team handling roles are led by women. We welcome specially-abled professionals to join our team.

ESG: Supporting action to protect, restore and regenerate local environments for the benefit of our customers, our people, our communities and wider society.

For more details, visit our website: www.nivabupa.com

Job Summary

We are looking for a detail-oriented Compliance / GRC Analyst to join our Infrastructure Management team. In this role, you will be responsible for ensuring that our IT infrastructure (including cloud environments, on-premises data centers, networks, and server environments) is aligned with internal governance policies, industry frameworks, and regulatory mandates.

You will work closely with infrastructure engineers and security teams to proactively identify operational risks, maintain our infrastructure risk register, and ensure our systems are always audit-ready.

Key Roles & Responsibilities

Governance & Policy Alignment:

Translate complex regulatory, legal, and security frameworks into clear, actionable technical policies and standards for the infrastructure teams. Conduct regular reviews of infrastructure documentation, standard operating procedures (SOPs), and architecture diagrams to ensure compliance alignment. Help define and monitor Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for infrastructure compliance.

Risk Management & Assessment:

Perform routine risk assessments across infrastructure domains (e.g., identity and access management, patch management, change control, and backup systems). Maintain and update the Infrastructure Risk Register; quantify risks and track risk acceptance/exception workflows. Collaborate with engineering teams to design and implement compensating controls where ideal compliance cannot be met.

Continuous Compliance Monitoring:

Implement and oversee continuous compliance monitoring processes (e.g., checking cloud configurations, firewall rule reviews, and vulnerability remediation tracking). Conduct internal pre-audit assessments to identify compliance gaps before external auditors find them. Ensure rigorous change management and access control processes are consistently followed and documented across all systems.

GRC Tooling & Evidence Management:

Administer and maintain data within our GRC platform (e.g., ServiceNow GRC, OneTrust, Archer, or Jira) to ensure a single source of truth for compliance data. Organize and maintain a library of reusable infrastructure compliance evidence, reducing fatigue on engineering teams during active audit cycles.

Key Requirements – Education & Certificates

Bachelor’s degree – BTech or equivalent.

Key Requirements - Experience & Skills

Technical

  • Experience: 3–5 years of experience in an IT GRC, IT Compliance, IT Security, or IT Quality Assurance role, with a heavy focus on infrastructure.
  • Framework Fluency: Hands-on experience working with at least two of the following: ISO 27001, SOC 2, NIST SP 800-53, CIS Benchmarks, PCI-DSS, or SOX ITGCs.
  • Infrastructure Literacy: A foundational understanding of core infrastructure concepts—how firewalls work, cloud security basics (AWS/OCI), Active Directory/IAM structures, and patch cycles. (You don't need to configure them, but you must know how to audit them).
  • Analytical Mindset: Exceptional eye for detail; ability to spot inconsistencies in massive log files, configurations, or process documents.
  • Tooling: Experience utilizing GRC tools and project tracking systems (Jira/Confluence, ServiceNow, or equivalent compliance software).
  • Collaboration: Strong interpersonal skills to partner with engineering teams, moving compliance from a "blocker" to an operational enabler.

Nice to have:

  • Certifications such as CEH (Certified Ethical Hacker), Security+, CompTIA Linux+, or AWS/Azure Fundamentals.
  • Experience working in an Agile/Scrum engineering environment.
  • Knowledge of CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) and how security tooling integrates into TechOps.

Behavioral

  • Ownership and Accountability: Takes full responsibility for VAPT triaging.
  • Collaboration and Influence: Works effectively across internal teams and external vendors.
  • Communication: Communicates technical issues clearly to both technical and non-technical audiences.
  • Analytical Thinking: Uses structured thinking and a data-driven approach to solve problems, assess risks and make recommendations.
  • Adaptability: Thrives in a dynamic environment.

Key Functional Competencies

Functional competency | Beginner | Intermediate | Expert
Competency 1 | | |
Competency 2 | | |

Targets/ KRA/ KPI (Tentative Business Nos./ Goals, Measure of Success & Weightages)

Goals | Measures of Success | Weightage
Company MOS | Defined as per Company Policy | Defined as per Company Policy

Functional Hierarchy/ Reporting Matrix

Hiring Manager has to inform the TA Team about the Reporting manager’s grade and the candidate’s grade. (Reporting Manager and Prospective New Hire Grade to be clearly mentioned below)

Company: Niva Bupa Health Insurance
Department: insurance
Posted: 26 Jun 2026