Collectively, we are a group of lifelong learners from IIT Kanpur and Stanford, having spent the
last decade working at the cutting edge of Finance and Technology at Citi, HSBC Google and
Oracle. At KredX, we are trying to solve the problem of access to much- needed working capital
finance for Small & Medium sized Enterprises (SME) in India. Our solution for this involves
building a platform for supply -chain financing, where investors can interact directly with
borrowers, powered by state-of-the-art technology at its core.
Responsibilities.: Information Security
• Lead and motivate a small team of security professionals and engineers to help ensure the company continues to operate in a secure and stable environment.
• Leverage information security and technology resources within Company or outside the organization to lead strategic security planning with IT Technology/Operations, development teams, and users across the organization to ensure a secure infrastructure, applications, and overall data security;
• Identify vendors, and roll out all practices across the organization
• Amend, implement and monitor a strategic, comprehensive enterprise information security program to ensure the integrity, confidentiality and availability of confidential company information/data
• Communicate and ensure compliance with organizational security policies and standards; proactively work with Company business units to implement practices that meet defined policies and standards for information security
• Provide support, guidance, mentoring and education, to ensure that appropriate monitoring and controls are in place for compliance with established security policies and procedures
• Direct comprehensive security assessments for all organizational information systems and advise on mitigating vulnerabilities
• Create and manage information security and risk management awareness training programs for employees, contractors, vendors and/or clients.
• Facilitate and identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection
• Provide subject matter expertise to management on a broad range of information security standards, best practices, and compliance requirements.
• Drive further integration of Product Security across all the engineering teams.
• Work with developers and architects to ensure security is appropriately built into the software development cycle and DevOps pipeline and ensure appropriate internal testing of applications prior to deployment. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests
• Audit vendor compliance with security requirements as needed
• Coordinate organizational efforts in response to security events
• Coordinate use of external resources involved in the information security program including negotiating vendor contracts and fees.
• Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program
• 8+ years of progressive IT solutions, compliance, regulatory experience and roles of increasing responsibility.
• Expertise in IT development, integration, delivery, and maintenance
• Minimum of 5 years of managerial experience with demonstrated success in a leadership role.
• Demonstrated understanding of security requirements for Sarbanes-Oxley, ISO Certifications, Data Privacy laws, and PCI. Cyber security, including strategy creation
• Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
• Strong leadership, analytical and problem-solving skills
• Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and vendors
• Excellent written, verbal communication and presentation skills.
• Ability to effectively adapt to rapidly changing technology and apply it to business needs.