Risk and Compliance - Secure by Design(Technology)

You must Sign In before continuing to the company website to apply.

Smart SummaryPowered by Roshi

Work and establish credibility with groups involved in payment security and compliance matters. Review new/modifications of products features and processes. Collaborate with business/engineering teams to implement compliance plans and mitigate risks. Stay updated on IT security laws and update policies accordingly. Support partner due-diligence activities and maintain documentation for security compliance.

what you will do?

work and establish credibility with groups involved with payment security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.)
review new / modifications of products features and processes. should provide support to internal departments in areas of compliance with regulatory bodies, and dissemination of circulars issued by regulators
create control frameworks and gap assessment against various regulatory guidelines and compliance requirements
collaborate with business/engineering teams to implement compliance plans to mitigate risks in the early stage of product development
identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc. by applying knowledge of security, regulatory, and third-party risk lifecycle frameworks
you will remain up to date on laws applicable to IT security of the organisation and update policies accordingly
support in partner due-diligence activities by providing response to RFPs/ RFIs and client questionnaire
draft and maintain documentation for security compliance including but not limited to PCI-DSS, RBI PSS, ISO27001, card brands (Visa, Mastercard), etc

you should apply If you have:

2-6 years of relevant industry experience including information assurance, data privacy, and security compliance
experience in managing Audits and Cyber Security controls, standards and framework implementation
knowledge of cyber threats, vulnerabilities and risk in the payment industry
experience in developing cyber security & privacy policies, procedures and standards
basic understanding of regulatory requirements inline with fintechs
basic knowledge of cloud (AWS / Azure / GCP)
good to have certifications such as CISA/CISSP/CISM or other information security-related certification. exposure to different compliance standards related to the payments ecosystem (PCI DSS, PCI 3DS etc) and understanding of HSM components

Set alert for similar jobsRisk and Compliance - Secure by Design(Technology) role in Bengaluru, India

Company

CRED

Job Posted

a year ago

Job Type

Full-time

WorkMode

On-site

Experience Level

3-7 Years

Related Jobs

AML compliance head

CRED

Bengaluru, Karnataka, India

Posted: a year ago

Design, operate, and monitor sanction screening program, ensuring lowest false positives and sanction violation risks. Review and design suspicious activity monitoring program. Build robust AML systems. Assess and mitigate money laundering and terrorist financing risks. Evaluate new products for ML & TF risks. Manage and train AML analysts. Participate in industry forums. Apply if you have 8+ years in Banking/Finance, managed AML programs, completed AML compliance certification, and experience with regulators.

System Engineer - Core (Enterprise IT)

CRED

Bengaluru, Karnataka, India

Posted: a year ago

Design, deploy, and support CRED’s IT Infrastructure and Operations. Manage corporate and hub offices automation. Create metrics dashboard to maintain alignment of deployed systems. Own technical projects related to Corp and Hub offices. Set up and run end user computing solutions. Deploy and support Enterprise Collaboration, Conference, and Content Management platforms. Monitor and maintain systems. Apply if you have experience in software development and automation, strong problem-solving abilities, and knowledge of networking and security.

Cloud Security

CRED

Bengaluru, Karnataka, India

Posted: a year ago

Work on a diverse domain of information security, including infrastructure and data security. Responsibilities include identifying security issues, implementing security for cloud-based systems in AWS, automating infrastructure security, conducting security reviews, and establishing a state of the art security culture. Help teams achieve compliance with industry best practices.

Threat Detection Engineer

CRED

Bengaluru, Karnataka, India

Posted: a year ago

As a Threat Detection Engineer at CRED, you will work on diverse information security domains, focusing on infrastructure and data security. You will be responsible for identifying and mitigating security issues, building solutions, and maintaining security for cloud-based systems. Additionally, you will research new detection ideas, respond to security incidents, automate incident responses, conduct threat hunting operations, and establish a strong security culture within the organization.

Governance Risk And Compliance Consultant(2-3yrs)

Atos

Bangalore Urban, Karnataka, India

Posted: a year ago

JOB DESCRIPTION Eviden is an Atos Group business with an annual revenue of circa € 5 billion and a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 55,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come. Associate Engineer PROFESSIONAL SERVICES Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) • Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. • Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. • Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. • Should be able to understand and explain technical vulnerabilities • Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security • Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: • Proactively protect the organizations information by ensuring appropriate information security controls are in existence and enforced • Conduct audits to verify the compliance to organizations security standards • Assist in Business Continuity Planning and Implementation. • Metrics collection & reporting Must Have Skills • Excellent communication and presentation skills. • Able to effectively interact with various functions. • Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course • Good to have: CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security

Corporate Technology Integrations Engineer

Stripe

Toronto, Ontario, Canada

Posted: a year ago

What you’ll do In this role, you'll be responsible for ensuring the integrations we build are robust, scalable, and secure, meeting compliance and security requirements. In the first 30 days, you'll receive a thorough orientation and training on our systems and processes. You'll start by learning about our existing integrations and help to develop and contextualize our roadmap for future integrations. In the first 60 days, you'll help implement our iPaas solution to begin developing new integrations and migrate existing ones. By the end of the first 90 days, you'll have delivered several high-quality integrations that have made a positive impact on the business. The day-to-day in this role involves: Participating in Sprint Ceremonies    Collaborating with various stakeholders   Designing, implementing and testing new integrations   Enhancing or troubleshooting existing integrations   Responsibilities Design and implement integrations using an iPaaS solution   Collaborate with business analysts, developers, and end-users to gather requirements and build integrations that streamline business processes and improve efficiency   Ensure integrations are robust, scalable, and secure, meeting compliance and security requirements   Develop and maintain technical documentation, including design documents, database schema designs, and runbooks   Troubleshoot and resolve issues related to integrations, working with stakeholders and the iPaaS vendor as necessary   Participate in code reviews and adhere to software development lifecycle standards and best practices   Test and validate integrations with end-users to ensure they meet their needs and requirements   Participate in an on-call rotation   Who you are We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. Minimum requirements Bachelor's degree (or equivalent experience) in Computer Science or related field   4+ years of experience in designing and implementing integrations using an iPaaS solution such as Mulesoft, Informatica, Boomi, Workato etc   Experience working with APIs, web services, and data formats such as JSON and XML   Proficient in at least one programming language, such as Java, Go, Ruby, Python, or JavaScript   Experience with database technologies such as SQL and NoSQL databases   Experience working in a faced paced environment   Strong communication and collaboration skills   Preferred qualifications Experience working in an Agile development environment   Deep understanding of authentication mechanisms such as OAuth and JWT   Experience building AWS lambdas, GCP cloud run, or AWS functions