risk and compliance - secure by design (technology)
CRED
IT, Design, Legal
Bengaluru, Karnataka, India
Posted on Thursday, August 24, 2023
what is CRED?
CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where the members are rewarded for good financial behavior. CRED was born out of a need to bring back the focus on a long-lost virtue, one of trust, the idea being to create a community centered around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behavior to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true.
here’s a thought experiment: what do you get when you put together a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better.
here’s what will be in store for you at CRED once you join
objective of Secure by Design: to shift security, privacy, regulatory and contractual compliance to the left. we assess all products right from the design/construct phase and ensure compliance with security, privacy and regulatory requirements
what you will do?
- work and establish credibility with groups involved with payment security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.)
- review new product features and processes and modifications to existing ones. provide support to internal departments in areas of compliance with regulatory bodies, and in the dissemination of circulars issued by regulators
- create control frameworks and gap assessment against various regulatory guidelines and compliance requirements
- collaborate with business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development
- identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc. by applying knowledge of security, regulatory, and third-party risk lifecycle frameworks
- you will remain up to date on laws applicable to IT security of the organisation and update policies accordingly
- support partner due-diligence activities by providing responses to RFPs/RFIs and client questionnaires
- draft and maintain documentation for security compliance including but not limited to PCI-DSS, RBI PSS, ISO27001, card brands (Visa, Mastercard), etc.
you should apply if you have:
- 2-6 years of relevant industry experience including information assurance, data privacy, and security compliance
- experience in managing audits and in implementing cyber security controls, standards and frameworks
- knowledge of cyber threats, vulnerabilities and risk in the payment industry
- experience in developing cyber security & privacy policies, procedures and standards
- basic understanding of regulatory requirements in line with fintechs
- basic knowledge of cloud (AWS / Azure / GCP)
- good to have certifications such as CISA/CISSP/CISM or other information security-related certification. exposure to different compliance standards related to the payments ecosystem (PCI DSS, PCI 3DS, etc.) and understanding of HSM components