Posted: 5 days ago
On-site
Full Time
Details
Location – Pune (Hybrid)
Working closely with CTO, CEO and Engineering Team
Experience Level: 5-7 yrs.
Department: Security & Compliance
In one sentence
We are seeking a hands-on Security & Compliance Lead to own and execute our end-to-end security audits and compliance initiatives across applications, infrastructure, and organizational processes. This role ensures our systems, applications, and business operations are secure, compliant, and aligned with both internal policies and regulatory requirements (e.g., RBI, ISO 27001, SOC 2 Type II).
What will your job look like
Conduct technical assessments (e.g., VRA, security checklists) required by new BFSI clients.
Analyse and complete detailed cloud infrastructure security and compliance questionnaires.
Assist in mapping customer security and regulatory requirements (e.g., ISO 27001, RBI, SOC 2 Type II) to internal controls.
Maintain documentation and templates for commonly requested BFSI assessment artifacts.
Security Assessments:
Manage and complete security questionnaires from clients, vendors, and partners.
Evaluate vendor security and compliance by reviewing their responses and supporting documentation.
Risk Identification:
Identify security risks within the company’s IT infrastructure, applications and services.
Assess potential risks posed by vendors or partners during onboarding.
Compliance Monitoring:
Ensure compliance with security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks.
Work with internal teams to maintain compliance with legal and regulatory requirements.
Collaboration:
Collaborate with the IT security, legal, and procurement teams to address concerns identified in the security assessments.
Coordinate with vendors to ensure their security practices meet company requirements.
Policy Development:
Develop and maintain internal security policies and procedures related to vendor assessments and third-party risk management.
Reporting:
Prepare detailed reports summarizing findings from security assessments and risk analysis.
Provide recommendations to improve security measures and compliance.
Training:
Educate internal staff and external partners about security best practices and compliance requirements.
Support pre-sales and onboarding teams with timely delivery of assessment documentation.
Stay updated with AWS best practices, shared responsibility model, and emerging cloud security trends.
What we are looking for (Skills)
• Bachelor’s degree in Computer Science, Information Security, Data Science, or a related field.
• 5+ years of experience in audit/compliance, application security assessments, and AWS cloud security, preferably in the BFSI domain.
• 2+ yrs. of experience in AWS cloud security and risk assessments.
• Strong exposure to AWS cloud infrastructure (GuardDuty, Security Hub, Inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc.).
• Familiarity with secure coding practices, vulnerability management, and threat modelling.
• Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients.
• Familiarity with information security standards such as ISO 27001, SOC 2, and the RBI cybersecurity framework.
• Strong understanding of data protection and encryption methodologies.
• Strong written and verbal communication skills to liaise with technical and non-technical stakeholders.
• Ability to interpret and explain security configurations and policies in layman's terms.
• Experience with security controls, vulnerability scanning tools (e.g., Nessus, Wireshark), or SIEM.
• Exposure to security tools such as network firewalls and IPS/IDS is a plus.
Personality and attitude traits
Security-first mindset – Committed to protecting data and ensuring system integrity.
Builder’s DNA – Goes beyond assessment to think proactively about potential risks.
Mentor & Leader – Invests in growing people as well as systems.
Sharp problem-solver – Brings clarity and structure to complex issues.
Bias for action – Values timely execution, grounded in solid design.
Owner mentality – Takes pride in delivering reliable, secure systems.
Quick learner – Keeps pace with evolving threats and security trends.
Highly disciplined – Detail-oriented with strong follow-through.
Other details
Compensation as per industry standards
Annual appraisal cycle