Job Description: Lead - Info Security
Role: Lead – Information Security
Department: Information Security
Location: Bangalore
Reporting To: VP Technology
Qualification: MBA/BE/B.Tech
Experience: Minimum 7 years in Information Security
Roles and Responsibilities:
- Information Security Strategy: Develop and implement a comprehensive information security strategy aligned with the organization's goals and objectives. Ensure the strategy addresses current and emerging compliance requirements, security threats, vulnerabilities, and risks.
- Security Governance: Establish and maintain an effective security governance framework, including policies, procedures, standards, and guidelines. Ensure compliance with applicable laws, regulations, and industry standards, such as ISO 27001:2022, PCI DSS, RBI SAR DL, etc.
- Risk Management: Identify, assess, and manage information security risks throughout the organization. Develop risk mitigation plans and ensure their implementation.
- Security Operations: Oversee the day-to-day security operations, including security incident response, vulnerability management, threat intelligence, security monitoring, and access control. Ensure the organization has appropriate security tools, technologies, and processes in place.
- Security Awareness and Training: Develop and deliver information security awareness and training programs to educate employees and contractors about their roles and responsibilities in protecting information assets.
- Security Architecture: Collaborate with cross-functional teams like DevOps, Dev, Product, and other relevant teams to develop and maintain a secure technology infrastructure. Provide guidance on security requirements for new systems, applications, and technologies.
- Security Compliance: Monitor and enforce compliance with relevant security policies, standards, and regulations. Conduct periodic security audits and assessments to identify and address compliance gaps.
- Incident Response: Lead the response to security incidents, including investigating and containing incidents, coordinating with internal teams and external stakeholders, and implementing remediation measures to prevent future incidents.
- Vendor and Third-Party Risk Management: Establish and maintain a vendor and third-party risk management program to assess and monitor the security posture of external partners and suppliers. Also liaise with partners to ensure that Third-Party Risk Assessment (TPRA) is managed effectively.
- Security Metrics and Reporting: Define and track key security metrics to measure the effectiveness of security controls and initiatives. Prepare and present regular reports on the organization's security posture to executive management.
ShopSe List of Audits:
- ISO 27001:2022
- PCI DSS
- SAR DL
- Partner bank audits (HDFC, ICICI, etc.)
- NBFC/partner bank onboarding TPRA audits
About ShopSe
ShopSe is focused on revolutionizing instant, paperless and cardless EMI solutions for consumers. We’re already in the league of top brands in our category and are raising the bar of the BNPL model. Affordability, Trust & Innovation are the backbone of our product. We’re backed by top VC firms, Chiratae Ventures (formerly IDG Ventures India) & BeeNext in our seed round, and raised Rs 40 crore ($5.5 million) in April ’21. Featured among the hottest 30 start-ups in Inc42’s ‘30 Startups to Watch’.
To know more, visit our website www.getshopse.com
Careers@getshopse.com