Security compliance lead

Posted: May 15, 2021, 6:45 a.m. - Full Time - Pune

About the company

Credit cards haven’t changed much for over half a century so our team of seasoned bankers, technologists, and designers set out to redefine the credit card for you - the consumer. The result is OneCard - a credit card reimagined for the mobile generation. OneCard is India’s best metal credit card built with full-stack tech. It is backed by the principles of simplicity, transparency, and giving back control to the user.

Check out our apps here:

OneCard (Best credit card app) :
OneScore (5 million downloads):

Our investors:
- Sequia
- Matrix Partners

Security Compliance Lead


Opportunity to build GRC practice grounds up for new Age Fintech startup, lead and implement PCI-DSS, ISO-27001, RBI compliances

What you will do:

Be SME for all applicable regulations, guidelines and industry best practices to manage risk and ensure compliance.
Be the single point of contact for all external entities related to Security and Compliance communications.
Owner for all security documentation such as policies, standards, and procedures.
Owner for driving security controls across all organisation functions.
Build continuous assessment practice which is superset of all required regulatory compliance.
Manages and supports Information Security Risk Management Life-cycle for the organization.
Provide adequate security and compliance against specific standards such as NIST 800-53, NIST 800-171, ISO 27001, SOX, PCI, HIPAA and other regulatory requirements.
Identifies and formally documents deviations from published standards, estimates risk level, recommends appropriate mitigation countermeasures in operational and non-operational situations.
Identify potential areas of IT compliance vulnerability and risk; guide the accountable stakeholders to develop/implement corrective action plans for resolution, and provide general guidance on how to avoid or deal with similar situations in the future. Risks should be identified, assessed and monitored on an ongoing firm-wide and individual entity basis

Experience Range:

4-6 years of experience in Cybersecurity & Risk Compliance Domain in areas including and limited to: System Security, Network Security , SOC, Risk & Compliance Management

Technical Expertise:

Auditing experience in ISO-27001, SOX, NIST, PCI-DSS
Experience with AWS Security and Compliance.
Prior experience in the Banking and Financial domain is nice to have.
Proven experience in Endpoint Security, Network Security, SIEM,SOC Advanced security tools – SOAR platform, Vulnerability Management, SIEM
Experience building Threat Modeling practice
Strong communication skills