Lead Infosec Engineer - GRC

The CoinDCX journey: building tomorrow, today At CoinDCX, we believe CHANGE STARTS TOGETHER . You are the driving force that will help us make Web3 accessible to all. In the last six years, we have skyrocketed from being India s first crypto unicorn to carrying a community of over 125 million with us. To continue maximising the adoption and acceleration of Web3, we are now focused on developing cutting-edge products, addressing accessibility and security challenges, and bridging the gap between people and Web3 technologies. While we go ahead and keep dominating the Web3 world, we would like to HODL you on our team! Join our team of passionate innovators who are breaking barriers and building the future of Web3. Together, we will make the complex simple, the inaccessible accessible, and the impossible possible. Boost your innovation to an ALL TIME HIGH with us! You need to be a HODLer of these 7+ years of overall experience in the information security and privacy domain with 4 years of relevant experience in security and privacy Strong knowledge and implementation experience of information security and privacy management frameworks, regulatory requirements, and applicable standards such as ISO 27001(ISMS), ISO 27701(PIMS), NIST CSF, GDPR, DPDPA, CCSS(CryptoCurrency Security Standard), etc. Strong demonstrated experience in conducting risk assessments, security assessments, internal audits, and facilitating/driving external audits Solid experience in driving successful information security and privacy awareness programs, activities, and training across the organization Strong knowledge and experience in security governance, risk management and compliance frameworks, and related activities Ability to communicate effectively with technical and non-technical stakeholders Strong team player and collaborative problem solver, committed to achieving shared team goals and fostering a positive work environment Strong verbal, written communication, and interpersonal skills Proficient in managing tasks under time constraints, ad-hoc work assignments, adept at independently reassessing priorities with attention to detail Ability to deal with ambiguity and work towards the plan of action Professional certifications such as ISO 27001 LA/LI, ISO 27701 LA/LI, CRISC, CISA, or CISSP are a plus Good knowledge or understanding of Cloud platforms such as AWS, Azure or GCP is an advantage You will be mining through these tasks Design, plan, and execute readiness activities for ISO 27001, ISO 27701, NIST CSF, GDPR, DPDPA, CCSS, etc., management systems. Develop and implement surveillance and recurring activities to maintain existing certifications and standards. Drive information security and privacy awareness activities through various channels such as mailers, digital posters, fliers, games, events, campaigns, and communications. Identify training requirements through Security Assurance Proficiency Assessment (SAPA), develop and launch training programs, and ensure high completion rates across the organization. Conduct targeted phishing simulations, assign remedial training, and ensure high completion rates. Develop role-based training requirements and ensure high completion rates. Deliver information security and privacy awareness sessions to new joiners during induction. Identify and manage risks through risk assessments, collaboration with risk owners, and continuous risk reporting to management. Evaluate and monitor the effectiveness of security controls through internal audits and security assessments, ensuring timely remediation of any identified gaps. Facilitate external audits in collaboration with internal stakeholders and auditors, ensuring timely closure of audit findings. Design, develop, and publish information security policies, procedures, and guidelines, managing their lifecycle activities. Track and ensure timely publication of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) by respective internal stakeholders. Identify and escalate risks in third-party engagements by conducting third-party risk assessments for new requests and annual reviews, suggesting process improvements as needed. Develop dashboards and publish periodic reporting on information security risks, internal control compliance, and audit/assessment findings to management. Provide guidance and support to other infosec team members and less experienced colleagues. Plan, design, and execute security assessment activities for mergers and acquisitions, providing regular status updates to stakeholders. Continuously improve the security control framework and look for automation opportunities to reduce manual efforts in processes. Perform regulatory and statutory audit compliance activities with timely completion. Are you the oneOur missing block You are knowledge-hungry when it comes to VDA and Web3, always eager to dive deeper and stay ahead in this evolving space. The world of Web3 and VDA excites you, fueling your curiosity and driving you to explore new opportunities within this dynamic landscape. You act like an owner, constantly striving for excellence, impact, and tangible results in everything you do. You embrace a We over Me mindset, growing individually while fostering the growth of those around you. Change is your catalyst, igniting your passion to build and innovate. You think outside the box, unbound by limitations or doubt, always pushing the boundaries of what s possible. Perks That Empower You Our benefits are designed to make a lasting impact on your life, giving you the freedom to create a work-life balance that truly suits you. Design Your Own Benefit: Tailor your perk package to fit your unique needs. Whether you re eyeing a new gadget or welcoming a furry friend into your life, our flexible benefits ensure that you can prioritize what matters most to you. Unlimited Wellness Leaves: We believe in the power of well-being. Take the time you need to recharge, knowing that your health is our priority. With unlimited wellness leaves, you can return refreshed, ready to build and grow. Mental Wellness Support: Your mental health is as important as your professional growth. Benefit from access to health experts, free counseling sessions, monthly wellness workshops, and regular team outings, all designed to help you stay balanced and connected. Bi-Weekly Learning Sessions: These sessions are more than just updates they re opportunities to fuel your growth. Stay ahead with the latest industry knowledge, sharpen your skills, and accelerate your career in an ever-evolving landscape.