Associate Director: Security Assurance

About the Role:

CoinDCX is seeking an Associate Director of Security Assurance to lead the Security Assurance vertical. This role is responsible for ensuring that CoinDCX applications, infrastructure, and security controls are designed and operating securely, adhering to industry standards and internal policies.

What You'll Do:

• Security Assessments: Conduct in-depth penetration testing, secure code reviews, and threat modeling for product and technology components.
• Code and Infrastructure Security: Lead teams in vulnerability assessments, triage of automated scanning outputs, and ensure effective prioritization and governance for remediation.
• Bug Bounty Management: Oversee the group's bug bounty program, ensuring robust processes for validation, support of reported vulnerabilities, and accurate threat assessment.
• External Audits and Regulatory Engagements: Lead coordination of security-related audit walkthroughs and evidence fulfillment for regulatory activities, collaborating with cross-functional teams to achieve audit outcomes.
• Control Testing: Spearhead the design and implementation of an independent testing framework for security controls, guiding the team in identifying and analyzing process and control gaps, developing remediation recommendations, and tracking them to completion.
• Security Assurance and Sign-offs: Build and maintain effective security assurance sign-offs to confirm that security design and architecture recommendations for existing and new implementations are properly executed.
• Secure Design Training: Design and deliver security awareness initiatives for engineering managers and developers on secure architecture, coding, and testing.
• Continuous Improvement: Regularly review and align the secure development lifecycle with industry standards, evolving threats, OWASP guides, and privacy regulations. Stay updated on new vulnerabilities and attack vectors in the crypto space.
• Cross-functional Collaboration: Partner with product and engineering leads to ensure timely and efficient prioritization and fixing of vulnerabilities.
• Threat Research: Stay current with the crypto space, ensuring the team actively researches new vulnerabilities and attack vectors.
• Automation Development: Create security tools and frameworks to automate manual testing processes.

You’ll Excel in This Role If You Have:

• Bachelor’s degree in computer science, engineering, or a related field.
• 12-14 years of experience in Information Security and related technologies.
• Prior experience in financial services or fintech.
• Demonstrated success in managing and collaborating with internal cross-functional teams and product engineering groups.
• Experience driving Secure SDLC activities, DevSecOps (CI/CD), and agile software development practices.
• Experience in designing and analyzing security solutions with a deep understanding of Identity and Access Management, Cloud & Infrastructure Security, Application Security, Data & Network Security, and Security Governance.
• Sound understanding of security by design principles and architecture-level security concepts.
• Strong leadership skills and the ability to coach and mentor members of Product Security teams.
• Experience with penetration testing methodologies and tools, including security analysis, audits, and reviews.
• Sound knowledge of OWASP Top 10 and SANS 25.
• Knowledge and experience with security standards such as CCSS, NIST, ISO 27001/2, CSA, SOC 1&2, and CIS.
• One or more certifications: CISSP, TOGAF/SABSA, or Cloud security certifications.
• Ability to communicate security concepts to both technical and non-technical audiences.
• Excellent written and verbal communication, interpersonal, and presentation skills.

You’ll Know You’re Winning When:

• Analytical Rigor: Exceptional problem-solving skills and attention to detail.
• Technical Excellence: Ability to bridge quantitative research and engineering implementation.
• Strategic Thinking: Ability to balance short-term tactical improvements with long-term strategic goals.
• Collaboration: Excellent communication skills for cross-functional work.
• Adaptability: Thrives in fast-paced, dynamic crypto markets.
• Ownership: Takes full accountability for market quality and strategy performance.

Hiring Process:

• Application Review – Assessment of skills, alignment, and intent.
• Recruiter Connect – Initial conversation to understand candidates better.
• Functional Round(s) – Deep dive into approach, craft, and problem-solving.
• Assignment / Simulation Round – Take-home task or live problem-solving exercise.
• Culture & Values Discussion – Conversation about ways of working and team fit.
• Founder Conversation (Optional) – For specific roles, meeting founders for strategic alignment.

Where We Work:

CoinDCX operates as a work-from-office organization to foster collaboration, speed, and trust. This role is based in our Bangalore office.

Perks That Empower You:

• Design Your Own Benefits: Flexible perks tailored to your lifestyle.
• Unlimited Wellness Leaves: Encourages rest and rejuvenation.
• Mental Wellness Support: Access to therapy and wellness resources.
• Learning Sessions: Bi-weekly opportunities for learning and growth.

Key Skills/Competency:

• Security Assurance
• Penetration Testing
• Secure Code Review
• Threat Modeling
• Vulnerability Assessment
• Bug Bounty Management
• Security Audits
• Secure SDLC
• DevSecOps
• Information Security Leadership