Posted: 3 weeks ago
Platform: On-site
Full Time
Experience: 3–7 years
Employment Type: Full-time
Reports to: Chief Technology Officer

Job Summary

We are seeking a skilled and detail-oriented Information Security & Compliance Officer to lead our organization’s security and compliance efforts. The ideal candidate will have hands-on experience with regulatory and industry-standard audits, especially PCI DSS, ISO 27001, and Indian data protection/localization norms (e.g., RBI, CERT-In guidelines). You will be responsible for ensuring the implementation, monitoring, and continuous improvement of our information security management system (ISMS), working cross-functionally with tech, legal, product, and operations teams to maintain audit readiness.

Key Responsibilities

Information Security Program Management:
- Lead the development, implementation, and maintenance of Information Security policies, standards, and procedures.
- Build and maintain an effective Information Security Management System (ISMS) as per ISO 27001 standards.
- Conduct regular risk assessments and develop mitigation strategies.

Compliance and Audit Readiness:
- Drive end-to-end compliance for PCI DSS, ISO 27001, RBI Guidelines for Payment Systems, CERT-In directives, and other applicable standards.
- Prepare, coordinate, and manage both internal and external audits, including scoping, evidence collection, auditor coordination, and remediation.
- Ensure continuous compliance with data localization and privacy laws (e.g., RBI, DPDP Act).
- Monitor and interpret changes in security compliance requirements and implement necessary updates.

Vendor and Third-Party Risk:
- Conduct third-party security risk assessments, due diligence, and ongoing monitoring.
- Ensure vendors adhere to applicable information security and compliance requirements.

Security Operations Support:
- Collaborate with DevOps and IT teams to ensure secure infrastructure configurations and vulnerability management.
- Participate in incident response planning and execution, including forensics, RCA, and regulatory reporting where needed.

Required Qualifications & Skills

- Bachelor's or Master's degree in Computer Science, Information Security, Information Systems, or related field.
- Minimum 3–7 years of proven experience in information security governance, audit management, and compliance.
- Must have led or been a core part of audits for at least two of the following:
  - PCI DSS
  - ISO 27001
  - RBI/CERT-In compliance
  - Data localization assessments

Mandatory Certifications (Any two or more preferred)

- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- ISO 27001 Lead Implementer or Lead Auditor
- PCI DSS QSA or PCI-P Certified
- CISM (Certified Information Security Manager)

Job Type: Full-time
Pay: ₹1,000,000.00 - ₹1,500,000.00 per year
I Money Pay Pvt Ltd