Information Security Risk Lead

Job Description

Job description

About The Role

- You'll be an information security expert, with a great eye for information security risk reduction and continual improvement opportunities. If fast-paced environments, cross-team exposure, inquisitive freedom and the ability to have a real impact on a rapidly growing scale-up appeals to you, then you already have the mind of a Tidean. You'll join an ambitious team of highly motivated security specialists who interface with all areas of the business in order to drive down information security risk at Tide, whether it is technical, procedural or cultural.
- Interacting with 3rd party stakeholders such as partners and regulators, on behalf of Information Security.
- Defining Tide's India-specific information security programme in alignment with its global ISMS.
- Acting as a thought leader in the context of local information security requirements.
- Managing information security risk in accordance with Tide's Global Risk Management Framework & Indian Regulatory requirements.
- Managing and improving Tide's Information Security Management System (ISMS) .
- Working with 1LOD stakeholders across the business in order to deliver information security risk reduction projects.
- Ensuring alignment with industry recognised information security control frameworks.
- Conducting information security risk assessments and control testing.
- Defining and measuring key risk indicators, and using data from modern information security tooling to develop insightful risk reporting.
- Facilitating external audit requirements, and working with stakeholders across 1LOD and 3LOD to close information security audit findings.
- Reinforcing a strong security culture and awareness message throughout the business.
- Define, track, and report key risk indicators (KRIs) and metrics related to information security within the PPI environment.
- Prepare and present regular reports on security posture, risk status, and compliance efforts to senior management, audit committees, and regulatory bodies as required.
- Ensuring Tide's compliance with all applicable regulatory requirements, and keeping abreast of new regulatory and compliance developments.

What We Are Looking For

- You have a minimum of 10 years experience working in information security GRC (governance, risk & compliance) related roles
- You have experience interacting with financial regulators and government agencies in India (e.g. RBI, CERT-IN)
- You have experience working at or on behalf of a financially regulated organisation
- You have experience working at or on behalf of a technology-first organisation
- You've implemented, maintained and supported an ISO 27001 program
- You've implemented, maintained and supported a PCI DSS compliance program
- You have experience with security control frameworks such as the ISO 2700 series, NIST CSF, CIS Critical Security Controls, etc.
- You have experience with audits applicable to information security such as ISO 27001, Systems Audit Report (SAR), SOC2, etc.
- You've performed information security risk assessments and/or control testing
- You have good technical knowledge in the field of information security
- You have led information security risk reduction projects
- In-depth knowledge of payment security standards (PCI-DSS), data protection regulations, incident response, and risk management frameworks.
- Relevant certifications such as CISSP, CISM, CISA, or PCI Professional (PCIP) are strongly preferred.

What You'll Get In Return

- Competitive salary
- Self & Family Health Insurance
- Term & Life Insurance
- OPD benefits
- Mental wellbeing platform Plumm
- Learning & Development budget
- WFH setup allowance
- 15 days of Privilege leaves
- 12 days of Casual leaves
- 12 days of Sick leaves
- 3 paid day-offs for volunteering or L&D activities

---