InfoSec Engineer

About Drip Capital

We are a US-based fintech company revolutionizing global trade for SMEs. At Drip Capital, we're redefining the future of trade finance and facilitation, empowering small and medium-sized enterprises (SMEs) to scale internationally with ease.

With the global SME trade market exceeding $5 trillion, our mission is to provide businesses in emerging markets with seamless access to capital—eliminating red tape and outdated processes. By leveraging cutting-edge technology, we make trade finance fast, efficient, and hassle-free. Beyond financing, we simplify trade and sourcing, helping SMEs navigate global markets effortlessly.

Headquartered in Palo Alto, California, with offices in India, Drip Capital is strategically positioned to meet the evolving needs of SMEs in emerging markets.

Backed by top investors—including Accel, Peak XV, Wing VC, Sequoia India, Y Combinator, GMO, SMBC Japan, Barclays, and IFC—Drip has facilitated over $7 billion in trade across 10,000+ buyers and sellers. As we continue to grow, we remain committed to transforming global trade for SMEs worldwide.

Role Overview :

We are looking for a highly motivated and detail-oriented Security Compliance Engineer with a strong focus on ISO/IEC 27001:2022 audit and implementation. The ideal candidate should also have hands-on experience in GRC, Cloud security, Vulnerability Assessment & Penetration Testing (VAPT), and general information security best practices. This role is essential in ensuring our compliance with security frameworks, maintaining our ISMS, and strengthening our overall security posture.

Key Responsibilities:

• Lead ISO/IEC 27001:2022 compliance initiatives, including implementation, internal audits, surveillance, and recertification audits.
• Prepare and maintain documentation for audits, including evidence collection and audit logs.
• Conduct or support internal VAPT exercises; work with external vendors for third-party assessments and ensure closure of findings.
• Evaluate and ensure security compliance in cloud environments (AWS), including configuration reviews and adherence to cloud security best practices.
• Perform security risk assessments, gap analyses, and impact assessments across systems, processes, and vendors.
• Collaborate cross-functionally with Engineering, IT, Legal, and HR to ensure compliance across business units.
• Develop and maintain security policies, procedures, standards, and guidelines aligned with ISO 27001 and other applicable frameworks.
• Monitor compliance with regulatory requirements (e.g., GDPR, SOC 2, NIST, HIPAA) and internal policies.
• Assist in developing security awareness training and conducting compliance onboarding for new employees.
• Stay updated on emerging threats, vulnerabilities, and evolving regulatory requirements.

Requirements:

• Minimum 3+ years of experience in a security compliance, security engineering, or audit-focused role.
• Strong experience with ISO/IEC 27001:2022 implementation, audits, and certification processes.
• Practical knowledge of VAPT tools and methodologies, including reporting and remediation tracking.
• Solid understanding of cloud security principles (preferably with hands-on experience in AWS).
• Familiarity with security controls, risk management, and audit frameworks (e.g., SOC 2, NIST, GDPR).
• Excellent documentation and communication skills, especially for audit readiness and stakeholder reporting.
• Ability to manage multiple security and compliance initiatives simultaneously.

Preferred:

• Certifications such as ISO 27001 Lead Auditor/Implementer, CEH, or CCSK.

• Exposure to secure software development lifecycle (SDLC) and DevSecOps practices.

• Familiarity with identity and access management (IAM), data loss prevention (DLP), and endpoint security tools.

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field.

• 3+ years of experience in a security compliance, security engineering, or audit-focused role.