Information Security Manager

About Easebuzz

Easebuzz is India's one of the first and foremost end-to-end SAAS enabled payments platform. We are a SaaS-unifying payment aggregation platform interconnecting banks, networks, acquirers and processors for merchant payments. We create value by enabling seamless workflows which help merchant to have a better collection efficiency. Our vision is to verticalize payments with industry specific solutions that can increase the online GDP of India. We've been building on business value for our merchants since 2014 and are trusted by over 1.5 lac merchants. We are unique in terms of our offering to our merchants and our excitement lies in building together where we all can thrive for future. We have been consistently profitable for 10 years and continuing to scale rapidly. Backed by a strong product roadmap and execution, we closed a funding round of $30 million in 2025, led by leading VC firms and strategic investors. This comes in addition to our earlier $4 million fundraise in March 2021. Easebuzz has been granted Full Authorization from the Reserve Bank of India (RBI) for payment aggregator license in 2025. Our corporate culture is built on openness, ownership, and collaboration. We are an equal opportunity employer and celebrate diversity across all levels. At Easebuzz, you'll find yourself working with passionate colleagues who are committed to growing together. Headquartered in Pune, we also have a presence in Delhi (2 offices), Mumbai, Kolkata, Bengaluru, and Gurugram.

Position Overview

The Manager of Information Security is responsible for overseeing the development, implementation, and management of an organization's information security program. This role involves ensuring the confidentiality, integrity, and availability of corporate data and IT systems, protecting them from cyber threats and vulnerabilities. The Manager will work closely with various teams to establish and enforce security policies, conduct risk assessments, and lead incident response efforts.

Key Responsibilities

• Lead the creation of security awareness programs for employees to foster a security-conscious culture.
• Maintain and report on the status of the organization's security posture to leadership.
• Conduct regular risk assessments to identify vulnerabilities and threats to critical systems and data.
• Work with the business to evaluate security risks associated with new projects, third-party vendors, and technologies.
• Prioritize and recommend security measures to mitigate identified risks.
• Lead efforts to perform security audits and assessments, ensuring adherence to compliance and regulatory requirements.
• Lead the response to security incidents, including identification, containment, eradication, recovery, and post-incident analysis.
• Develop and maintain incident response plans, conduct tabletop exercises, and ensure effective communication during a crisis.
• Collaborate with legal, communications, and management teams during and after incidents, particularly for breach notifications and regulatory reporting.
• Oversee the day-to-day operations of security technologies and tools (e.g., SIEM, firewalls, endpoint security, intrusion detection systems).
• Ensure continuous monitoring of security events and threats, performing analysis and response as needed.
• Maintain and optimize vulnerability management programs, including patching and remediation efforts.
• Foster a collaborative and effective security team, ensuring appropriate skill sets and training programs.
• Work closely with IT and other departments to ensure that security is integrated into all stages of system development and operations.
• Ensure compliance with relevant legal, regulatory, and industry standards for data protection and cybersecurity.
• Maintain documentation for audits, certifications, and external assessments.
• Coordinate with external auditors and regulators, as needed.
• Stay current on evolving security threats, vulnerabilities, and technologies.
• Continuously evaluate and improve security processes, tools, and policies.
• Participate in industry forums, conferences, and professional groups to enhance knowledge and best practices.
  
  

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
• At least 3-5 years of experience in information security.
• Deep knowledge of information security principles, frameworks (NIST, ISO 27001,PCI-DSS,SOC2 Type II, RBI Regulation related to Payment Industries), and compliance requirements.
• Hands-on experience with security tools and technologies (e.g., SIEM, firewalls, intrusion detection/prevention systems, endpoint protection, DLP, E-mail Security).
• Strong understanding of risk management and incident response practices.
• Proven ability to manage and lead security teams in a dynamic, fast-paced environment.
• Strong communication skills, both written and verbal, with the ability to convey complex security concepts to non-technical stakeholders.
  
  

Preferred Qualifications

• Security certifications such as ISO27001 Lead Auditor or CISA (Certified Information Systems Auditor).
• Experience with cloud security and securing cloud infrastructures (AWS).
• Knowledge of secure software development practices and DevSecOps.
• Experience in vulnerability management and penetration testing.