risk and compliance - secure by design (technology)
what is CRED?
CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long-lost virtue, trust, the idea being to create a community centered around this virtue: a community that constantly strives to become more virtuous in this regard until it finally scales its behavior to create a utopia where being trustworthy is the norm and not the exception. building a community like this requires a community of its own, one that is special in its own way and works towards making this vision come true.
here’s a thought experiment: what do you get when you take a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better.
here’s what will be in store for you at CRED once you join
objective of Secure by Design: to shift security, privacy, regulatory and contractual compliance to the left. we assess all products right from the design/construct phase and ensure compliance with security, privacy and regulatory requirements.
what you will do:
- work and establish credibility with groups involved with payment security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.)
- review new product features and processes, and modifications to existing ones; provide support to internal departments on compliance with regulatory bodies and on the dissemination of circulars issued by regulators
- create control frameworks and gap assessment against various regulatory guidelines and compliance requirements
- collaborate with business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development
- identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc., by applying knowledge of security, regulatory and third-party risk lifecycle frameworks
- remain up to date on laws applicable to the organisation’s IT security and update policies accordingly
- support partner due-diligence activities by responding to RFPs/RFIs and client questionnaires
- draft and maintain documentation for security compliance, including but not limited to PCI DSS, RBI PSS, ISO 27001, card brand (Visa, Mastercard) requirements, etc.
you should apply if you have:
- 2-6 years of relevant industry experience including information assurance, data privacy, and security compliance
- experience in managing audits and in implementing cyber security controls, standards and frameworks
- knowledge of cyber threats, vulnerabilities and risk in the payment industry
- experience in developing cyber security & privacy policies, procedures and standards
- basic understanding of regulatory requirements applicable to fintechs
- basic knowledge of cloud (AWS / Azure / GCP)
- good to have: certifications such as CISA/CISSP/CISM or other information security-related certifications; exposure to compliance standards related to the payments ecosystem (PCI DSS, PCI 3DS, etc.) and an understanding of HSM components