Senior Information Security Risk Analyst

Location: Hyderabad (Hybrid)


About the Role


We are looking for a proactive and detail-oriented Senior Information Security Risk Analyst to lead and manage our cybersecurity governance and risk function. The role holder is responsible for ensuring that our security posture aligns with business objectives, regulatory requirements, and recognized security frameworks (e.g., ISO/IEC 27001, NIST CSF, SOC 2, DORA, NIS2, GDPR). This role acts as a key liaison between technical teams, executive management, and external stakeholders (e.g., auditors, regulators, clients).


Experience in fintech or other regulated industries is a bonus.


What you'll do


Governance, Risk & Compliance (GRC)

  • Own and maintain the Information Security Management System (ISMS) and all related policies, standards, procedures, and guidelines.
  • Lead the design and execution of cybersecurity risk assessments across systems, vendors, projects, and business units.
  • Maintain and enhance the Risk Register, performing control gap analysis and tracking mitigation actions.
  • Coordinate external audits/certification efforts (e.g., SOC 2, ISO 27001, SWIFT CSP, PCI DSS, NCSC CAF, NYDFS NYCRR 500, SEC Cyber Rules, CPS 234).
  • Define and manage security metrics, KPIs, and KRIs for dashboards and board-level reporting.


Policies, Controls & Regulatory Alignment

  • Develop, review, and enforce information security policies, ensuring they align with business and regulatory needs (e.g., DORA, GDPR, NIS2).
  • Map security controls to regulatory and industry standards (e.g., ISO/IEC 27001, NIST CSF 2.0).
  • Support Privacy, Legal, and Compliance teams in data protection impact assessments (DPIAs), breach reporting, and third-party compliance.


Vulnerability Management Oversight

  • Provide second-line oversight of the global vulnerability management program, ensuring regular scanning, risk-based prioritization, remediation tracking, and exception handling across all environments (cloud, endpoint, SaaS, network).
  • Validate alignment with regulatory expectations (e.g., DORA RTS) regarding patch timelines, exposure windows, and remediation governance.
  • Review metrics and risk reports, challenge first-line remediation owners, and escalate unresolved high-risk exposures to governance bodies or senior management.


Second Line Oversight & Advisory

  • Oversee the implementation of controls by the first line (e.g., SOC, DevOps, Infrastructure) and challenge their effectiveness.
  • Provide security input to change management, procurement, new projects, and system design reviews.
  • Participate in or lead Security Steering Committees and workstreams.


Third-Party Risk Management

  • Maintain the third-party risk program: conduct security due diligence and review vendor assessments.
  • Establish formal channels for incident communication with third parties.


Security Awareness & Culture

  • Lead the security awareness training program, phishing simulations, and targeted security education campaigns.
  • Promote a culture of security across all departments, from developers to executives.


What you'll need

  • 5+ years in cybersecurity, with at least 2 years in a governance/risk/compliance role.
  • Experience operating under regulatory environments such as DORA, GDPR, NIS2, FCA.
  • Strong understanding of information security frameworks: ISO/IEC 27001/27002, NIST CSF, NIST SP 800-53, CIS Controls v8, SOC 2.
  • Excellent risk analysis, documentation, and stakeholder communication skills.
  • Ability to engage both technical and non-technical stakeholders and bridge the gap between business risk and technical controls.
  • Familiarity with tools like GRC platforms, risk registers, CMDBs, SIEM dashboards, or compliance automation tools.
  • Structured, analytical mindset with strong organizational skills.
  • Capable of operating independently and taking ownership of key risk initiatives.
  • Politically aware and able to challenge constructively within complex environments.


Bonus points

  • Preferred certifications (GRC, audit, risk): ISO 27001 Lead Implementer/Auditor, CRISC, CISM, CISA, CISSP, CDPSE or similar.


We welcome people from all backgrounds who seek the opportunity to help build a future where we connect the dots for international property payments. If you have the curiosity, passion, and collaborative spirit, work with us, and let’s move the world of PropTech forward, together.


Redpin, Currencies Direct and TorFX are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, colour, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by laws.
