Manager-IT GRC

Company Description

KreditBee is a FinTech platform that facilitates instant personal loans of up to ?4 lakhs for professionals, aiming to solve the financial inclusion gap in various demographic segments through online tech-based and data-centric KYC processes. The platform is a Series-D funded entity, backed by leading investors such as Advent International, Premji Invest, Motilal Oswal Alternates, and others. KreditBee serves credit and personal finance needs via its in-house RBI-registered NBFC, Krazybee Services Private Limited, and partnerships with over 10 renowned financial institutions. With currently 10 million customers across India, KreditBee continues to expand its reach and impact.

Role Description

This is a full-time on-site role for a Manager-IT GRC at KreditBee, located in Bengaluru South. The Manager-IT GRC will be responsible for overseeing the IT governance, risk management, and compliance functions. Day-to-day tasks include providing technical support, troubleshooting issues, leading the IT team, and managing projects to ensure company-wide adherence to IT policies and regulations.

• Roles and Responsibilities:
• Ensure Compliance with the Regulatory requirements w.r.t the Information and Cyber Security requirements - RBI, UIDAI, CIC, etc.
• Identify and develop the InfoSec Policy, Processes, and Procedures to incorporate the industry benchmarks / best practices and the latest trends.
• To identify, track, monitor & ensure compliance with InfoSec Policy, Regulatory, Legal & Audit requirements.
• To develop & manage InfoSec Training & awareness.
• Work with respective stakeholders to ensure that the Policy/Procedures, regulatory, legal & audit requirements for Information and cyber security are understood and implemented on a continual basis. Monitor & track the compliance to all relevant processes/practices to ensure that they are followed as desired.
• Liaison with internal and external Security Audits and assessments VAPT, GDPR/ISO 27001 compliance.
• Establish continual improvement processes to mitigate identified gaps & improve overall maturity to provide adequate assurance.
• Establish security metrics based on agreed KGIs/KPIs to monitor & track compliance.
• Escalate deviations and violations on time.
• Remain updated with the latest security trends and related regulatory & legal requirements.

To maintain the required security posture for cloud security, primarily AWS & GCP

To maintain & improve code security & DevopsSec practices

• To maintain & improve the endpoint security, by bringing in DLP and data classification practices.
• To review and improve email, apps & network security.
• To run periodic phishing campaigns.
• To respond third-party risk assessment questionnaire
• Perform Independent Internal Audit and assessment in line with Regulatory requirements - RBI, UIDAI, CIC, V-CIP, DLG, etc.
• Key Skills and Qualifications
• Bachelor of Engineering/Computer Science or equivalent from a recognized University
• The ability to interact efficiently with peers and customers is required.
• 8-12 years with relevant experience in establishing & managing InfoSec Governance and compliance