Senior Information Security Engineer- GRC

About IDfy

IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners.

Only IDfy combines enterprise-grade technology with business understanding and has the widest breadth of offerings in the industry. With more than 12+ years of experience and 2 million verifications per day, we are pioneers in this industry.

Our clients include HDFC Bank, Induslnd Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others.

We have successfully raised $27M from Elev8 Venture Partners, KB Investments & Tenacity Ventures

We work fully onsite on all 5 days of the week from our office in Andheri East, Mumbai

About the Role

As an Information Security Engineer at IDfy, you'll be the go-to guardian of our security and compliance framework. You'll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customer third-party risk assessments, customer security requests, and internal ISMS management.

You'll work across product, engineering, and legal teams to ensure we're not just compliant—but secure by design. If you're someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems, this one's for you.

We Are the Perfect Match If You…

• Speak fluent ISO 27001, SOC 2, and ISMS for 3-6 years
• Have experience owning and running end-to-end compliance audits
• Experienced in handling ISMS management end to end
• Responding to customer third party risk assessments questionnaires and facing customer Audits
• Can guide control owners like a boss (and not just with fancy dashboards)
• Enjoy writing and updating InfoSec policies (yes, we know that's rare)
• Know how to communicate security stuff to non-security folks
• Have worked in a SaaS environment or want to secureone now
• Love working across multiple teams and hate working in silos
• Have strong knowledge of cloud platforms (GCP preferred, others okay too)
• Hold one or more certifications (mandatory) : ISO 27001 Lead Auditor, CISA, CISSP

Here's What Your Day Will Look Like…

• Maintain and manage IDfy's ISMS as per ISO 27001 and SOC 2 standards
• Coordinate and lead internal and external audits
• Oversee annual policy renewals, updates, documentation and ISMS activities
• Face third-party/vendor risk assessments from our customer
• Respond to security questionnaires from customers and partners
• Track and close compliance deliverables with internal stakeholders
• Identify gaps in technical or procedural controls and work with teams to fix them
• Train internal teams on compliance expectations and workflows
• Monitor and improve security metrics across the org
• Stay up to date with industry trends and frameworks

What's it like working at IDfy?

We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, it's critical. You'll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch.

Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies.

We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.