Manager - Infosec GRC

About Zeta

Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015.

Our flagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 20M+ cards have been issued on our platform globally.

Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios.

Zeta has over 1700+ employees - with over 70% roles in R&D - across locations in the US, EMEA, and Asia. We raised $280 million at a $1.5 billion valuation from Softbank, Mastercard, and other investors in 2021.

Learn more @ www.zeta.tech, careers.zeta.tech, Linkedin, Twitter

The Role:

This role is part of the Information Security Process and Compliance Team of Zeta. The Manager Process & Compliance of InfoSec Audit and compliance is responsible for preparing and supporting PCIDSS, ISO 27001 and SOC external Audits. Actively participate, strengthen and improve Internal Audit process and provide assurance on internal technology and process compliance. Collaborate with the Cloud and Product security team to drive Risk and compliance goals.

Responsibilities

• Responsible for entire security of Zeta’s Tech stack (Cloud & On-prem)Perform regular VA/PT for Web, Network, Cloud and Mobile applications
• Integrate security testing tools (SAST, DAST) in to CI/CD pipelines
• Regular code reviews, involve in application design discussions
• Maintain audit and compliance (ISO 27001, PCI DSS/3DS, SSAE18,GDPR, UIDAI etc.) of infra and applications
• Perform Threat Modelling of Web/Mobile applications
• Guide the technology organizations security and privacy initiatives by participating in reviews
• Conduct and review data privacy, data governance, cybersecurity and testing standards
• Designs internal auditing procedures and ensures they are followed
• Perform auditing and compliance activities to ensure the established policy is being followed
• Monitors procedures for effectiveness and provides recommendations for improvement
• Plan and Assist in developing strategic direction for information security and compliance initiatives within Cloud and the traditional data center
• Contribute in maintaining ISO 27001, PCI DSS, SSAE18,GDPR, UIDAI etc. Security and Compliance Standards
• Develop and implement processes and controls applicable for privacy and data protection requirements i.e. GDPR, LGPD, CCPA, PDPA etc
• Perform Privacy Assessment/Privacy Impact Assessment
• Review relevant data privacy laws and provide inputs on product implementation on Privacy as Subject Matter Expert and address various data privacy client questionnaires
• Maintain Risk Assessment framework
  
  
  

• Hands on experience with Audits and Standards (PCI DSS, PCI 3DS, PCI PA-DSS/SSF, SSAE 18, ISO 27001, GDPR etc)
• Good Understanding of Risk Assessment Frameworks (ISO 31000, NIST Risk framework etc.)
• Experience in Enterprise Risk Assessment and Application risk Assessment
• Experience of Vendor Risk Assessment and respond to client Request for Proposal (RFP)Review configuration and hardening documents and guide teams to be compliant with PCI, ISO 27001, RBI etc. guidelines
• Thorough understanding of various Data privacy regulations and privacy concepts
• Experience of General Data Protection Regulation (GDPR) implementation
• Experience in performing PIA, DPIA and Data mapping etc
• Good to have Information Security Certifications like CIPP, CIPT, CISM, CISSP etc
• Continuous improvement of network/infra/cloud security
• Secure configuration and hardening of network/infra/cloud
• Understanding of production operations on public cloud infrastructure
• Excellent written and oral communication and penchant for technical documentation
• Good understanding of agile development practices
• Knowledge of the following terms and technology:
• Knowing AWS Cloud is an added advantage
• Knowledge of anti-malware solutions, IDS/IPS, WAF, DLP, SIEM etc
• Knowledge of different attacks DoS/DDoS, XSS, Ransomware
• Knowledge of Web Servers, AD/LDAP, Routers, Switches
• Good understanding of Technology
• TLS/SSL, HTTP(S), Cloud Security, Hardware Security Module
  
  
  

• 7 to 11 years of overall experience as GRC, Audit and Compliance Analyst in medium to large-sized product companies
• Bachelor of Technology (BE/B.Tech), M.Tech or ME in Computer Science, MCA or equivalent
  
  
  

• Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success