General Manager - Product Security

You can become a part of …

… a truly aspirational brand, one of India’s fastest growing fintech companies that offers a range of financial services & products for merchants, Kirana store owners and end consumers. Valued at over $2.8 Bn within a short span of 3+ years, we focus on empowering small business owners and retailers with business ranging from QR & PoS payments to easy loans to high-yield investment products which in turn enables them to grow and transform. We understand that business

and culture are two sides of the same coin. So, alongside business, we are equally focused on building a culture where employees succeed unconditionally.

We believe we are in an ever-evolving space with immense opportunity to build for Bharat! Our people will enable this journey with their ideas, innovations and capabilities. We value diversity, where we encourage different points of view, ways of thinking, new capabilities to strengthen and improve the lives of our customers. And that is not all, we have a lot of fun while we explore new ideas, solve real problems, collaborate, connect — and we do it all together.

Connect with us over social media, coffee or call. We promise to excite you with an opportunity that will “change the game”!

Responsibilities will include …

Functional Expertise

This position is responsible for cyber security operations across all security platforms and technologies. This position will also take up the administrative functions, including cost and budget management. This position is also responsible for catering to all access management requests and changes. This role is also responsible for identifying, analyzing, monitoring, mitigating, and managing threats and vulnerabilities to IT systems and networks.

The role shall be responsible to use defensive measures and multi-source information to report events and respond to incidents.

Problem Solving

 In-depth knowledge of Cybersecurity principles and practices

 Proficiency in risk management and incident response

 Strong leadership and team management skills

 Excellent communication and interpersonal skills

 Continuous learning and adaptability to emerging technologies and threats

 Leading and collaborating across IT domains to implement and maintain security roadmap components.

 Evaluating and recommending new information security technologies and counter measures against threats to information or privacy

Interaction

 Coordinating with operational groups and business units to identify and implement measures to prevent or detect security incidents or breaches

 Drive coordination of strategic planning processes and ensure alignment with broader strategic objectives.

 Be trusted advisor to the leadership team based on functional requirements

 Participate in governing bodies, industry bodies, and steering committees according to cadence as required.

 Work in partnership with Business and senior leaders on strategic initiatives to continuously improve policies, standards and procedures by sharing knowledge and best practices.

To succeed in the role

Qualification & Experience

(type & industry)

● Bachelor’s degree in computer science or equivalent.

● At least 10+ years of experience in Cybersecurity.

● Maintain certification in CISA, CISM, ISO 27001 LA, or equivalent.

● Experience in using various Cybersecurity Tools.

● Strong understanding of Information Technology, Cloud and IT Security.

● Develop and execute a comprehensive product security strategy that aligns with the company & goals and risk appetite

● Lead, mentor, and grow a high-performing team of product security engineers, fostering a culture of security awareness and ownership across the engineering organization

● Integrate security best practices and automated tooling into the entire Software Development Lifecycle (SDLC), from design and threat modeling to testing and deployment

● Drive the security of our CI/CD pipeline and implement supply chain security measures

● Establish and enforce API security standards and best practices across the organization

● Implement and manage security controls for Infrastructure as Code (IaC) to ensure secure cloud deployments

● Oversee the application security program, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and manual penetration testing

● Establish and manage a mature incident response process for product- related security events and vulnerabilities

● Develop guidelines and implement safeguards for utilizing AI tools in development securely

● Establish comprehensive secure coding practices, and define logging and monitoring specifications for applications

● Partner with engineering, product, and platform teams to enhance Greenlight Application’s security features

● Define and track key performance indicators (KPIs) to measure the effectiveness of the product security program and communicate posture to executive leadership

● Stay current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes

Skills & know-how

 In-depth understanding of regulatory compliance requirements and designing the associated policies and procedures (NCA, ISO 27001, NIST,PCI DSS, GDPR, etc.).

 Strong knowledge of data privacy and data protection regulation. Sufficient knowledge of information technology and data management systems required.

 Deep technical knowledge of web and mobile application security, common vulnerabilities (OWASP Top 10), and secure coding practices

 Deep technical knowledge of CI/CD pipeline and relevant tools for web and mobile applications

 End to end experience on implementing tools for Product Security (i.e. API Security, Mobile Protection, SAST, runtime scanning, etc.)

 Hands-on experience with security tools for SAST, DAST, IAST, and penetration testing

 Proven success in implementing and maturing a Secure SDLC in a fast-paced, agile environment

 Strong understanding of cloud security principles in AWS environments

 Excellent communication skills with the ability to articulate complex security concepts to both technical and non-technical audiences

 Flexible, self-starting, and tenacious with an exceptional aptitude for dealing with ambiguity in an environment where policies and processes are being created.

 Examines the status quo and thinks of how to improve it.

 Proficient Word Processing Skills, including Outlook, Word, PowerPoint, and Excel.

 Positive attitude and high levels of personal commitment.

 Strong knowledge of cybersecurity principles.

 Strong understanding of intrusion detection technologies.

 Ability to effectively conduct vulnerability scans.

 Ability to identify, capture, contain and report malware.

 Ability to design countermeasures to identified security risks.

 Skill in configuring and utilizing computer protection tools.

 Skill in conducting forensic analysis in multi-system environments.

 Understanding of the impact of a cybersecurity breach on the organization.

 Understanding of new technologies and solutions from a cybersecurity perspective.

 Excellent time management and organizational skills.

 Teamwork and collaboration, including the ability to establish and maintain effective internal and external working relationships with executive clients, technical and non-technical individuals.

 Flexibility, reliable and self-motivated, with the ability to perform under pressure.

 Strong knowledge of the Cybersecurity threat landscape.

 Strong knowledge of vulnerabilities in critical infrastructure environments.

 Strong knowledge of the principles of cybersecurity and privacy.

 Strong knowledge of cybersecurity defence tools and their capabilities.

 Strong knowledge of the cybersecurity aspects of business continuity and disaster recovery planning and testing.

 Strong knowledge of best practice analysis principles and methods.

 Strong knowledge of the organization’s risk management principles and

procedures.

Behaviors

● Extremely high ownership.

● Self-starter.

● Ability to operate in a high ambiguity environment.

● Robust Interpersonal Skills for collaborating with various Units for facilitating closures

● Effective Team Player.