CRED Looking for IT risk & compliance – secure by design at Bengaluru, Karnataka Full Time

CRED is an exclusive community for India’s most trustworthy and creditworthy individuals, where the members are rewarded for good financial behaviour. CRED was born out of a need to bring back the focus on a long lost virtue, one of trust, the idea is to create a community centred around this virtue. a community that constantly strives to become more virtuous in this regard till they finally scale their behaviour to create a utopia where being trustworthy is the norm and not the exception. to build a community like this requires a community of its own; a community special in its own way, working towards making this vision come true.

here’s a thought experiment: what do you get when you put a group of incredibly passionate and driven people and entrust them with the complete freedom to chase down their goals in a completely uninhibited manner? answer: you get something close to what we have at CRED; CRED just has it better.

here’s what will be in store for you at CRED once you join.

what will you do:
you will work and establish credibility with groups involved with payment security and compliance matters (InfoSec, legal, business development, internal audit, fraud, physical security, developer community, networking, systems, etc.).

you will maintain documentation for security compliance including but not limited to PCI-DSS, RBI PSS, ITGC, ISO27001, card brands (Visa, Mastercard), etc.

you will review new / modifications of products and processes. should provide functional support to internal departments in areas of compliance with regulatory bodies, and dissemination of circulars issued by regulators.

you will collaborate with business/service teams to implement compliance plans in developing risk registers covering various activities of the FinTech company.

you will identify and support opportunities for improving third-party risk posture and processes, including expanded monitoring, KRI tracking, etc. by applying knowledge of security, regulatory, and third-party risk lifecycle frameworks.

you will remain up to date on laws applicable to IT security of the organization and update policies accordingly.

you will understand and rationalize compliance requirements in the payment domains.

you should apply if you:
have 2-5 years of relevant industry experience including information assurance, data privacy, and compliance.

have CISA or other information security-related certification will be preferred.

have an experience in IT & Cyber Security risk as well as regulatory risk requirements. knowledge of periodic evaluation and review of the effectiveness of information security policies, procedures, standards, and processes.

have the ability to be a go-to person and communicate effectively with stakeholders (engineers, product, business teams)

have the drive to influence organizations and stakeholders by practicing a data-driven approach

have exposure to different regulatory compliance standards related to the payments ecosystem

how is life at CRED?

working at CRED would instantly make you realize one thing: you are working with the best talent around you. not just in the role you occupy, but everywhere you go. talk to someone around you; most likely you will be talking to a singer, standup comic, artist, writer, athlete, maybe a magician. at CRED people always have talent up their sleeves. with the right company, even conversations can be rejuvenating. at CRED, we guarantee a good company.

hard truths: pushing oneself comes with the role. and we realise pushing oneself is hard work. which is why CRED is in the continuous process of building an environment that helps the team rejuvenate oneself: included but not limited to a stacked, in-house pantry, with lunch and dinner provided for all the team members, paid sick leaves and comprehensive health insurance.

to make things smoother and to make sure you spend time and energy only on the most important things, CRED strives to make every process transparent: there are no work timings because we do not believe in archaic methods of calculating productivity, your work should speak for you. there are no job designations because you will be expected to hold down roles that cannot be described in one word. since trust is a major virtue in the community we have built, we make it a point to highlight it in the community behind CRED: all our employees get their salaries before their joining date. a show of trust that speaks volumes because of the skin in the game.

there are many more such eccentricities that make CRED what it is but that’s for one to discover. if you feel at home reading this, get in touch.