Key Responsibilities:
- Lead SBOM Governance: Drive enterprise-wide analysis of automated SBOM outputs to identify and catalog Open-Source Software (OSS) components across critical banking applications.
- Risk Architecture: Evaluate complex license profiles, copyleft obligations, and dual licensing risks against regulatory requirements.
- Remediation Lead: Design remediation pathways for the Business Solution Group to resolve high-risk license conflicts.
- Coordination Lead: Coordinate internally with Legal, Procurement and Security units on remediation and escalations, and apprise top management on a periodic basis.
- Policy & Framework Design: Architect and update the bank’s internal OSS governance policies, ensuring alignment with RBI-CERT-IN Guideline.
- Regulatory Compliance & Audit: Serve as the primary subject matter expert for OSS compliance during internal, external, and regulatory audits.
Qualification/Requirements:
- Industry Experience: 5+ years of software license compliance or IT audit experience specifically within banking, fintech, or highly regulated financial environments.
- Expert License Knowledge: Deep understanding of OSS licenses (e.g., AGPL, GPL, Apache, MIT), patents, copyleft risks, and license compatibility constraints.
- Advanced Tooling Mastery: Extensive hands-on experience with Enterprise Software Composition Analysis (SCA) and SBOM management tools.
- Regulatory Acumen: Familiarity with regulatory requirements.
- Stakeholder Management: Proven ability to advise the solutions team on technical compliance strategies and to provide updates to top management.
- Certifications: Specific certifications such as OpenChain, CISA, or CISSP will be an added advantage.
Pay: ₹700,000.00 - ₹800,000.00 per year
Benefits:
- Paid sick time
- Provident Fund
Application Question(s):
- How many years of experience do you have with Open-Source Software (OSS) License Compliance?
- Which OSS licenses are you familiar with?
- Have you worked with Legal, Procurement, Security, or Business teams for compliance, remediation, or audit purposes?
- Have you worked with Software Composition Analysis (SCA) tools?
- What certifications do you hold?
- Are you comfortable working from Mumbai (Andheri)?
- What is your current CTC?
- What is your expected CTC?
- What is your notice period?
Work Location: In person