About DPDzero
At DPDzero, we are building India's best Collection Infrastructure.
Imagine $230Bn gets disbursed as loans every year, yet there are very few mechanisms in place to ensure efficient recovery. That is the gap we are bridging.
We are a full-stack collection infrastructure, utilizing AI and Data to track and act efficiently at the borrower level. As of now, DPDzero is trusted by industry leaders like IndusInd Bank, RBL Bank, L&T Finance, Tata Capital, TVS Credit, Moneyview, Paysense, Snapmint, and others to manage collections from over 1 crore borrowers in India.
DPDzero is backed by top-tier investors including GMO VenturePartners, Blume Ventures, India Quotient, and SMBC Asia Rising Fund.
Role Overview
We are seeking a self-motivated, proactive Information Security Manager to own and run the company's information security programme end-to-end with minimal intervention. This is a hands-on leadership role for a security professional who can design, implement, operate and continuously improve security controls across cloud, applications, networks, endpoints and third-party vendors while confidently representing the organisation to clients, auditors and regulators.
Key Responsibilities:
1. Leadership & Program Management:
- Own and improve a comprehensive, business-aligned information security programme.
- Define and manage the security roadmap, policies, standards, and architecture principles.
- Oversee budget and resourcing as the organisation grows.
2. Risk Management & Compliance:
- Maintain the risk register and conduct third-party/vendor security assessments.
- Manage contractual SLAs and implement IAM controls (RBAC, least privilege, MFA, PAM, SSO).
- Ensure compliance with applicable industry standards and data privacy laws (ISO, NIST, PCI, SOC2, RBI, GDPR, CCPA).
- Lead external audits, manage client due diligence, and oversee remediation of findings.
3. Security Operations & Incident Response:
- Integrate security within the SDLC.
- Implement and monitor cloud security controls and tools.
- Operate and maintain the Incident Response Plan (IRP) and lead incident management and post-mortems.
- Oversee vulnerability management, penetration testing, and patching cycles.
- Manage security tools (SIEM, EDR, DLP, WAF) and track key metrics for ongoing improvement.
4. Data Security & Privacy:
- Maintain and test business continuity and disaster recovery plans.
- Enforce data classification, protection, and retention policies.
- Ensure confidentiality, integrity, and availability of sensitive financial data.
- Drive compliance with data privacy regulations.
5. Security Awareness & Training:
- Develop and deliver ongoing security awareness and training programmes.
- Ensure all staff members understand their responsibilities for information security.
6. Stakeholder Engagement & Communication:
- Communicate complex security topics clearly to both technical and non-technical audiences, including leadership, clients, auditors, and regulators.
- Collaborate with engineering, product, operations, and legal teams to embed security by design throughout the business.
Requirements:
Experience:
- 5-6+ years of hands-on InfoSec experience, ideally in fintech/financial services and in lead/managerial roles.
- Experience managing InfoSec for multiple companies, showcasing adaptability.
- Proven record of managing and scaling end-to-end security programs independently.
Education:
- Bachelor's or Master's degree in Computer Science, IT, Engineering, Cyber Security, MCA, or a related field.
Technical Expertise:
- Deep knowledge of InfoSec principles, frameworks, and best practices (e.g., ISO 27001, NIST CSF).
- Familiarity with DevSecOps and CI/CD pipeline security integration.
- Strong experience with finance regulatory standards (PCI DSS, SOC 2, GDPR, etc.).
- Skilled in cloud security (AWS, Azure, GCP).
- Hands-on with security tools (SIEM, EDR, DLP, IAM, WAF) and network/app/database security.
- Experienced in incident response, forensics, and recovery.
Communication & Soft Skills:
- Excellent verbal and written communication; able to explain technical topics to all audiences.
- Strong presentation skills; comfortable in client/auditor-facing scenarios.
- Self-motivated, proactive, accountable, and able to multitask.
- Strong analytical, problem-solving, and organisational skills.
Preferred Qualifications (Differentiators):
- Security certifications: CISSP, CISM, CISA, CCSP, OSCP, etc.
- Experience designing secure systems/architectures.
- Experience with threat intelligence.
- Experience building/mentoring security teams and using GRC tools.
What We Offer:
- Opportunity to build, own, and lead the information security function for a fast-growing fintech.
- Collaborative environment with exposure to cutting-edge technologies and regulatory frameworks.
- Competitive compensation and benefits.
- Continuous learning opportunities and support for professional certifications.