senior risk and compliance - secure by design

security & enterprise it – risk, compliance and privacy
full time
what is CRED?

CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where the members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long lost virtue, one of trust, the idea being to create a community centered around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behavior to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true. 

here’s a thought experiment: what do you get when you put together a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better.

here’s what will be in store for you at CRED once you join

objective of Secure by Design: to shift security, regulatory, privacy and contractual compliance to the left. we assess all products right from the design/construct phase and ensure compliance with security, privacy and regulatory requirements

what you will do?

    • work and establish credibility with groups involved with payment / lending security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.)
    • you will review new or modified product features and processes, and provide support to internal departments in areas of compliance with regulatory bodies (i.e. RBI, SEBI, IRDAI) and dissemination of circulars issued by regulators
    • you will create control frameworks under the guidance of the team and conduct gap assessments against various regulatory guidelines and compliance requirements
    • you will collaborate with business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development
    • you will identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc. by applying knowledge of security, regulatory, and third-party risk lifecycle frameworks
    • you will remain up to date on regulations and fintech processes applicable to IT security of the organization and update policies accordingly
    • you will support partner due-diligence activities by providing responses to RFPs/RFIs and client questionnaires
    • you will draft and maintain documentation for security compliance including but not limited to PCI-DSS, RBI PSS, ISO27001, card brands (Visa, Mastercard), etc.

you should apply if:

    • you have 4-8 years of relevant industry experience including information assurance, data privacy, and security compliance
    • you have handled compliance implementation or information assurance/audit, data privacy
    • you have experience in managing audits and cyber security controls, standards and framework implementation
    • you have knowledge of cyber threats, vulnerabilities and risk in the payment/lending industry
    • you have experience in developing cyber security & privacy policies, procedures and standards
    • you have a basic understanding of regulatory requirements in line with fintechs
    • you have basic knowledge of cloud (AWS / Azure / GCP)