Manager - Information Security

About Easebuzz Private Limited:

Easebuzz is a payment solutions (fintech organisation) company which enables online merchants to accept, process and disburse payments through developer friendly APIs. We are focusing on building plug n play products including the payment infrastructure to solve complete business problems. Definitely a wonderful place where all the actions related to payments, subscription, eKYC is happening at the same time.

Easebuzz is one of India's few payment aggregators which is building SAAS emebedded with payments infrastrucure. We are well capitalised and have recently closed a fundraise of $4M in March, 2021 from prominent VC firms and angel investors. The company is based out of Pune and has a total strength of 280 + employees. Easebuzz's corporate culture is tied into the vision of building a workplace which breeds open communication and minimal bureaucracy. An equal opportunity employer, we welcome and encourage diversity in the workplace. One thing you can be sure of is that you will be surrounded by colleagues who are committed to helping each other grow.

Position Overview

The Manager of Information Security is responsible for overseeing the development, implementation, and management of an organization's information security program. This role involves ensuring the confidentiality, integrity, and availability of corporate data and IT systems, protecting them from cyber threats and vulnerabilities. The Manager will work closely with various teams to establish and enforce security policies, conduct risk assessments, and lead incident response efforts.

Key Responsibilities

• Lead the creation of security awareness programs for employees to foster a security-conscious culture.

• Maintain and report on the status of the organization's security posture to leadership.

• Conduct regular risk assessments to identify vulnerabilities and threats to critical systems and data.

• Work with the business to evaluate security risks associated with new projects, third-party vendors, and technologies.

• Prioritize and recommend security measures to mitigate identified risks.

• Lead efforts to perform security audits and assessments, ensuring adherence to compliance and regulatory requirements.

• Lead the response to security incidents, including identification, containment, eradication, recovery, and post-incident analysis.

• Develop and maintain incident response plans, conduct tabletop exercises, and ensure effective communication during a crisis.

• Collaborate with legal, communications, and management teams during and after incidents, particularly for breach notifications and regulatory reporting.

• Oversee the day-to-day operations of security technologies and tools (e.g., SIEM, firewalls, endpoint security, intrusion detection systems).

• Ensure continuous monitoring of security events and threats, performing analysis and response as needed.

• Maintain and optimize vulnerability management programs, including patching and remediation efforts.

• Foster a collaborative and effective security team, ensuring appropriate skill sets and training programs.

• Work closely with IT and other departments to ensure that security is integrated into all stages of system development and operations.

• Ensure compliance with relevant legal, regulatory, and industry standards for data protection and cybersecurity.

• Maintain documentation for audits, certifications, and external assessments.

• Coordinate with external auditors and regulators, as needed.

• Stay current on evolving security threats, vulnerabilities, and technologies.

• Continuously evaluate and improve security processes, tools, and policies.

• Participate in industry forums, conferences, and professional groups to enhance knowledge and best practices.

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).

• At least 3-5 years of experience in information security.

• Deep knowledge of information security principles, frameworks (NIST, ISO 27001,PCI-DSS,SOC2 Type II, RBI Regulation related to Payment Industries), and compliance requirements.

• Hands-on experience with security tools and technologies (e.g., SIEM, firewalls, intrusion detection/prevention systems, endpoint protection, DLP, E-mail Security).

• Strong understanding of risk management and incident response practices.

• Proven ability to manage and lead security teams in a dynamic, fast-paced environment.

• Strong communication skills, both written and verbal, with the ability to convey complex security concepts to non-technical stakeholders.

Preferred Qualifications

• Security certifications such as ISO27001 Lead Auditor or CISA (Certified Information Systems Auditor).

• Experience with cloud security and securing cloud infrastructures (AWS).

• Knowledge of secure software development practices and DevSecOps.

• Experience in vulnerability management and penetration testing.