Kissht - Senior Manager - GRC

We are looking for an experienced Information Security professional with certifications like CISSP or CISA, and a strong background in leading compliance initiatives for SOC 2 Type II, ISO 27001, PCI DSS, and IOCFR.
Direct experience working with RBI regulations and auditors is mandatory.
The ideal candidate should have hands-on knowledge of AWS cloud security, and familiarity with tools such as GuardDuty, Wiz/Orca, Splunk, Crowdstrike, and Vanta.
Experience in fast-paced sectors like FinTech, E-commerce, or Payment Solutions is a strong plus.
What You'll Do:
- Governance & Compliance: Develop and maintain information security policies and drive compliance with ISO 27001, SOC 2, and RBI guidelines.
- Act as the primary contact for audits and inspections.
- Risk Management: Conduct risk assessments, manage risk registers, and oversee third-party/vendor security reviews.
- Security Operations: Oversee tools and processes for SIEM, DLP, EDR, patch management, and incident response.
- Lead security incident simulations and resolution.

- Cloud & App Security: Manage AWS security architecture, implement CSPM programs, and embed secure coding and DevSecOps practices across CI/CD pipelines.
- Business Continuity & DR: Maintain and test disaster recovery and continuity plans (RTO: 60 mins; near-zero RPO).
- Awareness & Culture: Run regular security training, phishing drills, and promote a security-aware culture across the organization.
- Reporting & Strategy: Present security metrics, dashboards, and risk reports to leadership and participate in strategic IT governance forums.
What We're Looking For:
- 8+ years in cybersecurity or information security roles; at least 3 years in a leadership capacity.
- Background in fintech, NBFC, or regulated financial services preferred.
- Proven track record in managing audits (ISO 27001, SOC 2), incident response, and cloud security (AWS).
- Strong knowledge of cybersecurity tools and frameworks: AWS, SIEM, CSPM, IAM, patch management, DLP, EDR.
- Familiar with secure SDLC, DevSecOps, threat modeling, and regulatory compliance.
- Effective communicator with experience working across cross-functional teams.

Certifications (preferred):
CISSP, CISM, CISA, ISO 27001 Lead Auditor/Implementer, AWS Security Specialty.
Bonus: DCPP, CIPP/E, or other data privacy/RBI-focused certifications.
About Kissht:
Kissht, a Great Place to Work- certified organization, is a consumer-first credit app that is transforming the landscape of consumer credit.
As one of the fastest-growing and most respected FinTech companies, Kissht is a pioneer in data and machine-based lending.
With over 15 million customers, including 40% from tier 2 cities and beyond, we offer both short and long-term loans for personal consumption, business needs, and recurring expenses.
Founded by Ranvir and Krishnan, alumni of IIT and IIM, and backed by renowned investors like Endiya Partners, the Brunei Investment Authority, and the Singapore Government, Kissht is synonymous with excellence in the industry.
Join us and be a part of a dynamic, innovative company that is changing the future of financial technology.