About the Role:

The Underwriting Quality Auditor ensures the accuracy, consistency, and compliance of underwriting decisions by conducting structured case audits, identifying quality gaps, and driving continuous improvement across the underwriting function.

Roles and Responsibilities:

• Audit underwriting cases to evaluate risk decisions, evidence utilization, and documentation quality against carrier guidelines and SOPs
• Track and report quality metrics — error rates, decision accuracy, and SLA compliance
• Provide structured feedback and support coaching interventions for underwriters
• Identify trends in errors and evidence quality; escalate systemic issues to leadership
• Collaborate with training team on identifying training needs
• Contribute to process improvement, SOP enhancement, and automation initiatives

Qualifications and Skills

• Graduate/Postgraduate in Medicine, or related field (M Pharma / Nursing/MBBS preferred)
• >5 years in Life/Health Insurance Underwriting with exposure to quality or audit functions
• Strong knowledge of APS/EHR/Lab Piq interpretation and US based underwriting guidelines
• High attention to detail and analytical thinking
• Strong communication for feedback and reporting
• Proficiency in MS Excel for trend analysis and scorecards

#LI-KP1
#LI-Hybrid

About Us

OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The team's execution has been exceptional, and we're scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, Paypal, Affirm, Polygon, Kraken, Nium & others. We're backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.

Role Overview

OpenFX is expanding globally in a heavily regulated financial environment. As we scale into new regions, regulators, auditors, and enterprise partners expect provable, continuously operating security controls. We need someone who can turn regulatory requirements into real, running controls—and then prove to auditors that they work. You will own the security controls and evidence that regulators and auditors care about, end to end, ensuring compliance is built into the platform rather than bolted on after the fact.

Key Responsibilities

• Design, implement, and maintain technical and operational controls for SOC 2, ISO 27001, GDPR, DORA, and future regional requirements
• Ensure controls are not just documented, but actually enforced in AWS, Kubernetes, and application layers
• Translate regulatory language into concrete security mechanisms in partnership with Legal and Compliance
• Own audit preparation, evidence collection, walkthroughs, and remediation tracking
• Build repeatable, automated evidence pipelines instead of last-minute scrambles
• Work with engineering to design systems that are secure by default and defensible to regulators
• Ensure logging, access controls, encryption, monitoring, and change management meet regulatory expectations
• Build tooling and scripts to continuously validate controls (access reviews, logging coverage, config drift)
• Reduce manual compliance work over time by pushing checks into code and infrastructure
• Monitor new regulations and assess technical impact across the platform

What We're Looking For

Required

• 6+ years in security engineering, cloud security, or compliance-focused security roles
• Hands-on experience supporting SOC 2, ISO 27001, GDPR, DORA, or similar regulatory frameworks
• Ability to translate regulatory requirements into technical controls
• Strong working knowledge of AWS security fundamentals (IAM, logging, encryption, networking)
• Comfortable owning auditor interactions and explaining systems clearly
• Experience building or automating security/compliance processes (Python, Bash, Go, etc.)

Preferred

• Experience securing Kubernetes environments
• Familiarity with AppSec tooling (SAST/DAST, manual testing)
• Experience with AWS security services (GuardDuty, Config, Security Hub)
• Prior work in fintech, payments, or regulated infrastructure
• Security or compliance certifications (CISSP, CISA, ISO 27001 Lead Implementer, AWS Security)

What We Offer

• Competitive salary and benefits package.
• Equity in a rapidly growing company.
• Opportunity to work in a fast-paced startup at the forefront of fintech innovation.
• Opportunity to make a significant impact on global financial infrastructure.
• Collaborative work culture with emphasis on personal and professional growth.

We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

JOB DESCRIPTION

Senior/Staff Engineer – InfoSec Risk & Compliance

Location: Bengaluru, India | Department: Information Security
Experience Level: 6-9+ years | Employment Type: Full-Time, Permanent

Lead compliance transformation and security governance scaling at Netradyne. Own enterprise GRC platform implementation, manage multi-framework audits (ISO 27001/42001, SOC 2, HIPAA), and drive customer compliance acceleration enabling enterprise revenue growth.

KEY RESPONSIBILITIES

Facilitate Audit & Certification

• Drive ISO 42001 (AI governance), SOC 2 Type II, RED Directive EN 18031, ISO 27001, HIPAA programs
• Design vendor risk assessment program with SLA enforcement
• Manage external audits and certification timelines

GRC Platform Implementation

• Lead enterprise GRC tool deployment and configuration across all frameworks
• Build automated evidence collection, remediation tracking, and compliance reporting
• Create executive risk dashboards and governance reporting

Customer Compliance & Revenue

• Build RFP/RFI response framework reducing turnaround to <10 business days
• Develop customer-facing Trust Centre portal reducing RFP volume
• Manage customer security questionnaires and account support

Risk Optimization & International Support

• Design quarterly self-assessment (QSA) process via GRC automation
• Maintain AI risk register (model degradation, bias, privacy risks)
• Support 15-country compliance expansion (GDPR, local regulations)

REQUIRED QUALIFICATIONS

Education & Certifications

• Bachelor’s/master’s degree in information security, Computer Science, or related field
• Active professional certification: CISSP, CCSP, CISM, CCSK, ISO 27001/42001 Lead Auditor, or equivalent
• Demonstrated audit Senior/Staff: ISO 27001 and/or SOC 2 field audit participation (2+ cycles)

Core Technical Competencies (Must Have)

KNOWLEDGE & PROFESSIONAL SKILLS

Technical Skills: (Should Have)

• Enterprise Resilience:Design BCP/DR, failover testing, 24/7 uptime SLAs for multi-region expansion
• AI Security:Threat modelling, adversarial attack scenarios, responsible AI assurance (ISO 42001)
• Cloud Compliance:Data classification, multi-region governance, DLP enforcement, CloudTrail/Azure Logs monitoring
• Infrastructure-as-Code:Terraform/CloudFormation for audit-trail automation
• API Integration:REST APIs for GRC, ticketing systems, SIEM/DLP tool integration

Preferred: IoT/embedded systems (RED Directive), RPA, network-layer authentication (RADIUS/LDAP), certificate management

Professional:

• Collaborate with cross-functional teams (IT, Engineering, Sales, Device, Finance, Legal, Privacy, HR) for compliance alignment
• Lead GRC platform implementation and governance workflow design
• Communicate risk and compliance status to executive leadership and board
• Support 24/7 on-call rotation for security incidents and emergencies
• Continuous learning mindset; ability to adopt emerging compliance frameworks (AI governance, new regulations)