Finnable

Associate Manager - Information Security and Compliance

Job Description

Company Description

Finnable is a rapidly growing financial technology start-up that provides hassle-free personal loans to salaried professionals, aiming to make loans accessible in less than one minute. Founded by experienced ex-bankers and entrepreneurs Nitin Gupta, Amit Arora, and Viraj Tyagi, Finnable leverages deep expertise in financial technology to enhance financial well-being. The company is driven by a mission to reduce financial inequality through innovative solutions, helping millions of salaried individuals lead more stress-free and productive lives. Finnable stands out in the Fintech sector by transforming the lending experience through technological advancements and employer support.

We are looking for an Associate Manager, InfoSec & Compliance, to support security audit readiness and drive InfoSec operations and security governance.

This is a managerial, coordination-heavy role, ideal for someone who understands information security and compliance deeply but prefers driving execution, audits, and stakeholder alignment. The role also assists the team in liaising and in setting up core processes across InfoSec verticals.

You will work closely with the Head of Information Security and his team to manage cybersecurity and regulatory audit readiness in line with the RBI IT Framework and outsourcing guidelines, prepare evidence packs, coordinate VAPT and remediation, run access reviews, maintain software asset inventories, and liaise with engineering and cloud teams on security controls.

Key responsibilities

  • Manage and support cybersecurity and regulatory audits, internal IS audits, TPRMs, and vendor due diligence / VRR bank-side onsite audits, ensuring timely and successful completion of all audits
  • Maintain audit readiness aligned to the RBI IT Governance & Cyber Security Framework, ITGRC, IT outsourcing and other RBI Master Directions
  • Coordinate user access reviews, privileged access controls, and attestations
  • Perform baseline security assessments, identify gaps and risks, and facilitate remediation
  • Track and close vulnerability management findings as per regulatory timelines
  • Support incident response reporting, BCP/DR drills, and tabletop exercises
  • Maintain software and third-party asset inventories for regulatory visibility
  • Assist in vendor due diligence, outsourcing risk assessments, and TPRMs
  • Coordinate with engineering and cloud teams to ensure secure configurations and logging
  • Identify any deviations from the security policies, procedures, and SOPs, report critical non-conformances to management, and work towards remediation

Skills & Experience

  • 24 years of experience in information security and GRC roles within NBFC / Fintech / BFSI
  • Experience handling cybersecurity / regulatory audits, IT risk management or information security domains, and VAPT security reviews is a must
  • Fundamental understanding of audit disciplines such as audit concepts (e.g. pre-/post-implementation audits), security controls, and auditing project management, and well versed in security frameworks like ISO, SOC 2, NIST, GDPR
  • Working knowledge of:
      • IAM & access controls
      • Vulnerability management & VAPT
      • Cloud security fundamentals (AWS preferred)
      • Strong documentation and audit augmentation skills

  • Experience with GRC / Security and compliance automation tools preferred
  • Security certifications like CISA / CISM / ISO 27001 LA preferred
  • Strong organizational, time management, decision making, and problem-solving skills

Job ID: 136905711