Lead - Control and Compliance Delivery

Job Description

About Zeta

• Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future.

• Zeta Tachyon
• is the industry's first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack.

• with over 70%roles in R&D
• across locations in the US,EMEA, and Asia.

The Role

Collaborate with the Cloud and Product security team to drive Risk and compliance goals

• Responsible for Information Security controls & compliance of Zeta SaaS solutions & services of Major key account customers.
• Drive periodic technical assessments & validations of the security controls & compliance.
• Work with various levels of stakeholders within Zeta such as SREs, SDEs, OU heads, Product or Program managers, product engineers and cloud security engineers to maintain the SaaS application and cloud environment security posture at the higher standard.
• Ensure cyber risks are mitigated and tracked for closure.
• Drive Infosec and compliance audits and ensure compliance.
• Work closely with the customer stakeholders of major key accounts including Infosec group, Business group, Risk & Compliance team, Enterprise IT team and ensure controls & compliance mandates are delivered.
• Monitor the risk landscape and identify emerging and future risks.
• Collaborate with customer's IT & Infosec team & internal stakeholders such as SREs, DevSecOps, Product security, Process compliance and Application Engineers to establish security controls.
• Support initiatives with colleagues from throughout the organization to make sure our data is secured, environment is compliant to applicable standards, and protected.
• Collaborate & engage closely with customer partners to ensure technical & Infosec process audits, vendor audits and other external auditrequirements are complied.
• Conduct periodic controls & compliance stakeholders confidence meeting and apply necessary actions for continual improvements.

• Excellent experience in the Security best practices, standards and frameworks such as, CSA, NIST CSF, PCI DSS, PCI 3DS, PCI PIN, Secure Software framework, ISO 27000, Data Privacy, SOC2, ISO 22301
• Hands-on experience in Cloud Security, AWS services, Security assessments & tools configuration.
• Deep understanding of K8S (Nodes, PODs, Dockers, Containers), Cloud Workload protection, CSPM, Container Security, FOSS, API native application security are required.
• Experience in performing Cloud Risk assessments, Cloud native application security assessment, and technology risk assessment and identify mitigation controls to present wider audience.
• Good to have few Information Security certifications such as CISA, CCSP, CRISK, CSA-STAR, CISSP, CISM, PCI QSA, PCI Certified Implementation Professional (PCIP).
• Ability to prioritize and carry out duties in a highly dynamic & complex environment.
• Should be Curious to learn new things, contribute and manage difficult stakeholders and expectations and demonstrate ownership consistently.
• Self-motivated and directed, with good attention to detail.
• Able to work in dynamic environment and handle 100+ key stakeholders to drive the controls assurance programs.
• Program management and customer management skills

• 10-15 years of experience in Information Security with an expertise in handling larger infosec controls projects with various delivery programs including Cloud Security, Network security, access control, Cryptographic & Key management, Incident response management, data protection & privacy and application security controls.
• Bachelor of Technology (BE/), or ME in Computer Science, MCA or equivalent.