senior risk and compliance - secure by design

9 Months ago • 4-8 Years • Legal

Job Summary

Job Description

Senior Risk & Compliance professional with 4-8 years experience in information assurance, data privacy & security compliance, managing audits and cyber security controls.

Must have:

Information Assurance
Data Privacy
Security Compliance
Cyber Security

Good to have:

PCI-DSS
RBI PSS
ISO27001
Cloud Security

Perks:

In-house Pantry
Health Insurance

5 skills required

5 skills required for this role

Add these skills to join the top 1% applicants for this job

construct

azure

aws

internal-audit

networking

Job Details

what is CRED?

CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where the members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long lost virtue, one of trust, the idea being to create a community centered around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behavior to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true.

here’s a thought experiment: what do you get when you put a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better.

here’s what will be in store for you at CRED once you join

objective of Secure by Design:to shift security, regulatory, privacy, regulatory contractual compliance to the left. we assess all the products right from design/ construct phase and ensure compliance to security, privacy and regulatory requirements

what you will do?

work and establish credibility with groups involved with payment / lending security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.)
you will review new / modifications of products features and processes. should provide support to internal departments in areas of compliance with regulatory bodies (i.e. RBI, SEBI, IRDAI), and dissemination of circulars issued by regulators
you will create control frameworks in guidance of the team and conduct gap assessment against various regulatory guidelines and compliance requirements
you will collaborate with business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development
you will identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc. by applying knowledge of security, regulatory, and third-party risk lifecycle frameworks
you will remain up to date on regulations and fintech processes applicable to IT security of the organization and update policies accordingly
you will support in partner due-diligence activities by providing response to RFPs/ RFIs and client questionnaire
You will draft and maintain documentation for security compliance including but not limited to PCI-DSS, RBI PSS, ISO27001, card brands (Visa, Mastercard), etc.

you should apply If :

you have 4-8 years of relevant industry experience including information assurance, data privacy, and security compliance
handled compliance implementation or information assurance/audit, data privacy
experience in managing Audits and Cyber Security controls, standards and framework implementation
have knowledge of cyber threats, vulnerabilities and risk in the payment/lending industry
have experience in developing cyber security & privacy policies, procedures and standards
basic understanding of regulatory requirements inline with fintechs
basic knowledge of cloud (AWS / Azure / GCP)

how is life at CRED?

working at CRED would instantly make you realize one thing: you are working with the best talent around you. not just in the role you occupy, but everywhere you go. talk to someone around you; most likely you will be talking to a singer, standup comic, artist, writer, an athlete, maybe a magician. at CRED people always have talent up their sleeves. with the right company, even conversations can be rejuvenating. at CRED, we guarantee a good company.

hard truths: pushing oneself comes with the role. and we realise pushing oneself is hard work. which is why CRED is in the continuous process of building an environment that helps the team rejuvenate oneself: included but not limited to a stacked, in-house pantry, with lunch and dinner provided for all the team members, paid sick leaves and a comprehensive health insurance.

to make things smoother and to make sure you spend time and energy only on the most important things, CRED strives to make every process transparent: there are no work timings because we do not believe in archaic methods of calculating productivity, your work should speak for you. there are no job designations because you will be expected to hold down roles that cannot be described in one word. since trust is a major virtue in the community we have built, we make it a point to highlight it in the community behind CRED: all our employees get their salaries before their joining date. a show of trust that speaks volumes because of the skin in the game.

there are many more such eccentricities that make CRED what it is but that’s for one to discover. if you feel at home reading this, get in touch.