Information Security Officer

About the companyCredit cards haven't changed much for over half a century so our team of seasoned bankers, technologists, and designers set out to redefine the credit card for you - the consumer. The result is OneCard - a credit card reimagined for the mobile generation. OneCard is India's best metal credit card built with full-stack tech. It is backed by the principles of simplicity, transparency, and giving back control to the user.Key Responsibilities:Security Strategy and Governance:- Develop, implement, and maintain a comprehensive information security roadmap and strategy aligned with business objectives. - Establish, mature, and enforce security policies, standards, and procedures to ensure a robust governance framework. - Collaborate with executive leadership on budget planning, forecasting, and management for security-related expenditures.Audit and Compliance Management:- Lead and manage all aspects of internal and external audits, including those from regulatory bodies and clients (vendor due diligence). - Serve as the primary point of contact for auditors, ensuring all evidence requests are fulfilled accurately and on time. - Drive the remediation and closure of audit findings by coordinating with relevant technical and business teams. - Ensure ongoing compliance with key standards and regulations, including ISO 27001, ISO 22301, Credit Information Companies (CIC), and data localization laws. - Conduct routine compliance activities, such as management review meetings, to maintain certifications and ensure continuous improvement.Risk and Vendor Management:- Establish and operate a robust vendor due diligence (VDD) program, working with internal teams and external audit vendors to assess third-party risk. - Oversee the end-to-end financial process for security vendors, including obtaining proposals, securing internal approvals, and tracking payments. - Identify, assess, and communicate security risks to the company's leadership and other key stakeholders.Security Operations and Collaboration:- Act as the primary security advisor for the company, working closely with various technical teams and Technology Service Providers (TSPs). - Provide expert guidance and oversight for the implementation and management of security controls across key domains, including:Cloud Security:- Advise on best practices for securing AWS environments. - Application Security: Champion the integration of security into the SDLC (SAST/DAST, penetration testing).Network & Endpoint Security:- Guide the deployment and configuration of firewalls, WAF, IDS/IPS, and EDR solutions. - Identity & Access Management (IAM): Ensure robust implementation of SSO, MFA, and privileged access controls.Qualifications and Experience:- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. - 5-6 years of progressive experience in information security, with a focus on governance, risk, and compliance. - Demonstrated experience in developing or significantly maturing an information security program. - In-depth, hands-on experience leading and facing audits for frameworks like ISO 27001, SOC 2, or PCI DSS. - Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor/Implementer are highly desirable.Skills and Competencies:- Leadership and Ownership: A strategic leader with the ability to operate with a high degree of autonomy. Possesses a strong sense of ownership and takes full responsibility for the security posture of the company. - Independent Decision-Making: Proven ability to make critical, well-reasoned decisions independently and confidently drive security initiatives forward. - Stakeholder Management: Exceptional communication and interpersonal skills, with the ability to effectively articulate complex security concepts and risks to diverse stakeholders, including company directors, executive leadership, and heads of technology departments. - Broad Technical Proficiency: Strong, advisory-level knowledge across multiple security domains (Cloud, Network, Application, Endpoint, IAM). - Compliance Expertise: Deep understanding of ISO 27001, ISO 22301, CIC, and data localization principles. - Creative Problem-Solving: A proactive and innovative approach to identifying and solving complex security challenges in a dynamic environment.