Senior Compliance Associate
- Full-time
Company Description
slice, feel easy with money.
slice’s purpose is to make the world better at using money and time, with a major focus on providing the best consumer experience. We believe that the best product will always transcend customer demographics, like how great music touches most of us. slice app brings a fast and simple way to make payments and access credit with its cornerstone products: slice account, slice UPI, and slice borrow.
At slice, you’ll have the opportunity to make a significant and positive impact on people's lives with your career. Today, we have employees with an average age of 26, sharing the same belief in innovation, self-motivation, and happiness. We tailor our working experience with the belief that the present moment is the only real thing in life. And we have harmony in the present the most when we feel happy and successful together.
We are also backed by leading investors such as Tiger Global, Insight Partners, Advent International, Blume Ventures, and Gunosy Capital.
We believe in equality. Period.
At slice, we are committed to building a diverse and talented workforce. We never discriminate on the basis of race, sex, religion, colour, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, medical condition, disability, or any other class or characteristic protected by the applicable law.
We consider all qualified job-seekers with criminal histories in a manner consistent with the applicable law. Additionally, we are committed to providing reasonable accommodations to qualified individuals with physical or mental disabilities in order to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment.
Come join our crew!
Job Description
About the role
The Senior Compliance Associate will be responsible for supporting the Head of Cyber Security and Compliance in planning and coordinating the implementation of compliance requirements such as ISO 27001, PCI DSS, RBI master directions, and Vendor Security assessments. The ideal candidate is a motivated individual who has exceptional interpersonal skills and the ability to interact proactively with employees and leadership at all levels. The person in this role will need to be highly organized and able to thrive in a fast-paced environment.
What you will do
- Evaluate and Enhance Security Infrastructure: Assess and document information security policies, processes, and technical controls. Develop, implement, and maintain policies, procedures, and standards based on industry best practices (e.g., ISO 27001, NIST, PCI DSS). Modify existing documentation to align with industry standards, best practices, and regulatory requirements (e.g., RBI, IT Act).
- Risk Assessment and Management: Conduct security risk assessments of information systems, infrastructure, and applications. Perform technology-based gap risk assessments and third-party risk assessments. Identify, document, and maintain an information security risk register.
- Compliance and Enforcement: Ensure rigorous enforcement of security policies and standards. Perform compliance checks for user access management and security hardening standards. Prepare compliance reports and remediation plans based on periodic reviews.
- Vendor Due Diligence and Third-Party Risk Management: Conduct vendor due diligence assessments to identify security weaknesses and gaps. Provide oversight and facilitate continuous improvement of third-party risk management programs and processes.
- Security Awareness and Training: Conduct security training sessions and presentations for company personnel. Drive security awareness initiatives and regular training on security policies and requirements.
- Data Loss Prevention and Compliance Monitoring: Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) solutions. Perform compliance checks during the Software Development Life Cycle (SDLC) and ensure adherence to access control and data sanitization standards.
- Audit Representation and Security Control Automation: Participate in internal and external audits, providing representation of the company's security posture. Influence security control automation efforts to enhance security and compliance scalability.
Qualifications
- 2 to 5 years of technical experience in the Information Security area with specialization in Governance, Risk, and Compliance (GRC) domains.
- A Bachelor’s degree in Information Technology or a related discipline, or equivalent work experience
- Exceptional written and interpersonal communication skills
- Proficiency in security policy management and a deep understanding of security standards and frameworks, such as ISO 27001, NIST, PCI DSS, ITIL and COBIT
- Knowledge of security areas such as Auditing, Policy, Database Security, Firewall Design and Implementation, Risk Analysis, Identity Management, Vulnerability Management, Penetration testing, Access/Entitlements Management, or Web Services is very desirable
- Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
- Possession of information security certifications, such as CISSP, CISM, CRISC, CEH, or ISO 27001, demonstrates expertise and will be an added benefit.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
- Remain vigilant while continuing to maintain and enhance the overall security of slice and the clients receiving our services.
- Maintain awareness of potential risks based on the business requirements you are operating under.
Additional Information
Life at slice
Life so good, you’d think we’re kidding:
- Competitive salaries. Period.
- Extensive medical insurance that looks out for our employees & their dependants. We’ll love you and take care of you, our promise.
- Flexible working hours. Just don’t call us at 3AM, we like our sleep schedule.
- Tailored vacation & leave policies so that you enjoy every important moment in your life.
- A reward system that celebrates hard work and milestones throughout the year. Expect a gift coming your way anytime you kill it here.
- Learning and upskilling opportunities. Seriously, not kidding.
- Good food, games, and a cool office to make you feel like home. An environment so good, you’ll forget the term “colleagues can’t be your friends”.