JD - Manager – Information Security
About The Role
We are looking for an Information Security Leader to operate at the intersection of technology, compliance, and customer trust. This is a high-visibility, customer-facing role where you will represent our security posture to enterprise clients across regulated industries such as banking, insurance, and financial services.
Key Responsibilities
Customer Engagement & Trust
- Act as the primary security point of contact for enterprise clients during procurement, contract discussions, and periodic reviews
- Lead customer-facing security conversations including RFPs, vendor risk assessments, and questionnaires
- Build strong relationships with client stakeholders (CISOs, Risk, Compliance teams)
- Represent the organization during customer audits, due diligence, and regulatory inquiries
Compliance & Risk Management
- Own key compliance frameworks (DPDP Act, ISO 27001, SOC 2, RBI/IRDAI guidelines)
- Conduct risk assessments, gap analyses, and drive remediation planning
- Manage contractual security requirements, including DPAs and security clauses
- Monitor regulatory changes and ensure internal controls remain aligned
Cloud & Technical Security
- Oversee cloud security across AWS, GCP, or Azure (access control, encryption, network security, logging)
- Integrate security into SDLC, CI/CD pipelines, and product releases
- Lead vulnerability management, penetration testing, and incident response planning
- Manage security tools such as SIEM, endpoint protection, IAM, and DLP
Strategic Leadership & Execution
- Partner with external security firms to define and execute the security roadmap
- Translate strategy into actionable plans for engineering and product teams
- Build and mentor the internal security function
- Collaborate cross-functionally with Sales, Engineering, Legal, and Product teams
- Evaluate vendors and security tools, including cost-benefit analysis
- Report security KPIs, risk posture, and compliance status to leadership
Requirements
Experience
- 8–12 years in information security, with 3+ years in a leadership role
- Experience in B2B SaaS or technology companies serving regulated industries preferred
- Proven experience in customer-facing security roles
- Hands-on expertise in cloud security (AWS, GCP, or Azure)
Knowledge & Skills
- Strong understanding of compliance frameworks (DPDP, ISO 27001, SOC 2 Type II, RBI, IRDAI)
- Solid risk management and assessment capabilities
- Ability to independently manage security audits, questionnaires, and vendor assessments
- Experience reviewing security clauses in contracts and DPAs
- Knowledge of modern security architecture (Zero Trust, least privilege, encryption, data residency)
Attributes
- Excellent communication skills across technical and non-technical audiences
- Commercial awareness of security as a business enabler
- Ability to work in fast-paced, ambiguous environments
- Strong collaboration across cross-functional teams
Preferred Certifications
CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor, or equivalent
Why This Role Matters
Security is critical to building trust with enterprise clients in regulated industries. This role directly impacts customer confidence, revenue growth, and overall risk management, with high visibility and influence across senior leadership and company-wide decisions.
