Bangalore
1 day ago
Manager Infosec, Process & Compliance
About Zeta:
Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by and Ramki Gaddipati in 2015. Our flagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 20M+ cards have been issued on our platform globally.
Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios.
Zeta has 1700+ employees, with over 70% of roles in R&D, across locations in the US, EMEA, and Asia. We raised $280 million at a $1.5 billion valuation from Softbank, Mastercard, and other investors in 2021.
The Role: This role is part of Zeta's Information Security Process and Compliance team. The Manager, Process & Compliance (InfoSec Audit and Compliance) is responsible for preparing and supporting PCI DSS, ISO 27001 and SOC external audits. The manager actively participates in, strengthens and improves the internal audit process, provides assurance on internal technology and process compliance, and collaborates with the Cloud and Product Security team to drive risk and compliance goals.
Responsibilities:
- Responsible for the entire security of Zeta’s tech stack (cloud and on-prem)
- Perform regular VA/PT for web, network, cloud and mobile applications
- Integrate security testing tools (SAST, DAST) into CI/CD pipelines
- Conduct regular code reviews and take part in application design discussions
- Maintain audit and compliance (ISO 27001, PCI DSS/3DS, SSAE18, GDPR, UIDAI etc.) of infra and applications
- Perform threat modelling of web/mobile applications
- Guide the technology organization's security and privacy initiatives by participating in reviews
- Conduct and review data privacy, data governance, cybersecurity and testing standards
- Design internal auditing procedures and ensure they are followed
- Perform auditing and compliance activities to ensure the established policy is being followed
- Monitor procedures for effectiveness and provide recommendations for improvement
- Plan and assist in developing the strategic direction for information security and compliance initiatives within cloud and the traditional data center
- Contribute to maintaining ISO 27001, PCI DSS, SSAE18, GDPR, UIDAI etc. security and compliance standards
- Develop and implement processes and controls applicable to privacy and data protection requirements, i.e. GDPR, LGPD, CCPA, PDPA etc.
- Perform Privacy Assessment/Privacy Impact Assessment
- Review relevant data privacy laws, provide inputs on product implementation as a privacy Subject Matter Expert, and address various data privacy client questionnaires
- Maintain the Risk Assessment framework

Skills:
- Hands-on experience with audits and standards (PCI DSS, PCI 3DS, PCI PA-DSS/SSF, SSAE 18, ISO 27001, GDPR etc.)
- Good understanding of risk assessment frameworks (ISO 31000, NIST Risk framework etc.)
- Experience in Enterprise Risk Assessment and Application Risk Assessment
- Experience with Vendor Risk Assessment and responding to client Requests for Proposal (RFP)
- Review configuration and hardening documents and guide teams to be compliant with PCI, ISO 27001, RBI etc. guidelines
- Thorough understanding of various data privacy regulations and privacy concepts
- Experience of General Data Protection Regulation (GDPR) implementation
- Experience in performing PIA, DPIA, data mapping etc.
- Good to have: information security certifications like CIPP, CIPT, CISM, CISSP etc.
- Continuous improvement of network/infra/cloud security
- Secure configuration and hardening of network/infra/cloud
- Understanding of production operations on public cloud infrastructure
- Excellent written and oral communication and a penchant for technical documentation
- Good understanding of agile development practices
- Knowledge of the following terms and technology:
  - Knowing AWS Cloud is an added advantage
  - Knowledge of anti-malware solutions, IDS/IPS, WAF, DLP, SIEM etc.
  - Knowledge of different attacks: DoS/DDoS, XSS, ransomware
  - Knowledge of web servers, AD/LDAP, routers, switches
  - Good understanding of technology
  - TLS/SSL, HTTP(S), cloud security, Hardware Security Module

Experience and Qualifications:
- 7 to 11 years of overall experience as GRC, Audit and Compliance Analyst in medium to large-sized product companies.
- Bachelor of Technology (BE/), or ME in Computer Science, MCA or equivalent.

Equal Opportunity:
Zeta is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all backgrounds, cultures, and communities to apply and believe that a diverse workforce is key to our success.