Role : Infosec Engineer

Experience : 5-12 Years

Location : Bangalore

Working Days: 5 Days a week

About InCred

InCred was founded by Bhupinder Singh in 2016. InCred is credited for Incredible India. We use technology and data-science to make lending quick, simple and hassle-free. We believe traditional ways of lending can exclude those most in need because of outdated, rigid and often inefficient processes. At InCred, we have simplified the lending process with a sharp focus on serving our borrowers’ unique needs and circumstances – offering our customers a truly superior borrowing experience.

Company Address: Vasanth Nagar. No 8, Second Floor, Feather Lite Vista Building, MV Jayaram Road, Vasanth Nagar, Bangalore-560052

Funding: $254.4M

Team Size: 5000+

InCred’s vision:

To create a trustworthy, transparent, and highest integrity financial institution that positively advances the socio-economic well-being of lower middle class to middle-class Indian households while protecting the interests of all stakeholders

About InCred product and services:

InCred is a new-age financial services group that leverages technology and data-science to make lending quick and easy.

At InCred Financial Services we build cloud native distributed services to solve the most challenging problems of scale. These services are developed in different programming languages, as we pick the best language to solve each problem. Some of the languages we use to build our services are NodeJS, Python, Java, Elixir, Golang and Typescript.

Our infrastructure is developed using IAAC where the DevOps team uses CloudFormation, Terraform, Ansible, AWS-CDK to create and maintain the infrastructure. We are working on real time streaming problems in the areas of lending, disbursement, customer engagement. We are leveraging Apache Spark, Kafka, Kinesis for designing different solutions.

JD

Information Security Engineer
Job Description

● Develop and finalize policies, procedures, and guidelines related to IT and Infosec domains in alignment with industry best practices (ISO 27001, GDPR and SOC 2)
● Align internal IT and Infosec processes as per ISO 27001 and SOC 2 standards and security guidelines
● Assist in defining and reviewing the key metrics for management reporting
● Develop cyber security standards, including incorporating industry practices and applicable compliance requirements
● Maintain the security risk register and related policies
● Maintain the inventory of IT vendors as per regulatory guidelines.
● Develop review checklists and questionnaires, and manage evidence to assist the IT vendor risk management process
● Perform 3rd party security due-diligence reviews and periodic vendor risk assessments to assess vendor compliance.
● Coordinate with external stakeholders and auditors for IT and Infosec related reviews
● Coordinate periodic penetration testing exercises on in-scope applications and related infrastructure. Coordinate with stakeholders for timely closure of open risks.
● Assist in imparting security awareness training and executing phishing simulation exercises to employees.
● Assist IT and Infosec in gathering the metrics data and prepare management dashboards
● Lead the periodic IT and Infosec governance review meetings and gather feedback for improvement
● Assess the existing IT and Infosec processes and provide recommendations to improve
● Identify opportunities for IT and Infosec governance automation and lead the continuous compliance initiatives
● Support cross-entity teams/group entities to mirror the best practices implemented at the parent entity
● Develop templates for incident reporting and manage artifacts. Assist during incident investigation and collaborate with stakeholders.
● Audit Coordination:
○ Coordinate and facilitate SOC 2 audits, acting as the primary point of contact for the external auditor.
○ Gather evidence and documentation to demonstrate compliance with SOC 2 requirements.
○ Address any audit findings and implement corrective actions.

Key Areas: SOC 2 Type 1 and Type 2, ISO 27001, GDPR, security governance, vendor security due-diligence, vendor security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, management dashboards, manage key metrics for IT and Infosec

Certifications: good to have - CISSP, CISM, ISO 27001, or CISA (Knowledge and experience in SOC 2 is mandatory)

Experience

● Should have 5 - 12 years of experience in the information security domain, with a minimum of 4 years in overall IT and Infosec governance related activities.
● Must have sound knowledge in defining processes, developing policies, procedures, and guidelines, and preparing management reporting dashboards.
● Must have experience in guiding teams with respect to SOC 2 requirements
● Developing and implementing enterprise governance, risk, and compliance strategy and solutions
● Ability to document and explain details in a concise & understandable manner
● Industry recognized certificates relevant to the roles such as SOC 2, ISO 27001 are desired
● Ability to lead complex, cross-functional projects, and problem-solving initiatives.
● Passionate about IT/information security and updates knowledge on a daily basis to support the organization
● Candidates must have excellent verbal and written communication skills
● Familiarity with industry standards and regulations including PCI, ISO27001, SOC 2, GDPR, CIS, NIST is desired.
● Candidates with BFSI experience will be preferred
● Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications
Skills:

● Candidate should be a good team player
● Should have good interpersonal skills
● Good written communication skills including ability to develop process documentation and security guidelines.
● Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
● Ability to maintain composure under pressure and work calmly during an emergency
● Ability to manage multiple tasks and schedules