About the Role :
We are looking for an Security Engineer II who will play a pivotal role in strengthening our security posture, maintaining security best practices across the organisation, and leading end-to-end information security compliance initiatives. This role demands a strong blend of technical security expertise and deep understanding of compliance frameworks, along with the ability to drive, coordinate, and close compliance audits with internal and external stakeholders.
You will work closely with engineering, SRE, product, compliance, and leadership teams to ensure the organisation consistently meets industry-leading security standards.
Key Responsibilities :
Security Governance & Best Practices :
- Define, implement, and maintain security best practices across infrastructure, applications, networks, and development workflows.
- Conduct security reviews for new and existing services, including architecture assessments and secure design recommendations.
- Own and improve security hardening across cloud environments, including IAM, encryption, secrets management, network segmentation, data protection, and monitoring.
- Collaborate with engineering teams to ensure secure SDLC, including threat modelling, code scanning, dependency checks, and configuration reviews.
- Maintain and continuously improve organisation-wide security policies, SOPs, and guidelines.
Compliance & Audit Leadership :
Lead and manage all infosec compliance audits, including internal audits and external audits such as ISO 27001, PCI-DSS, RBI / industry-specific guidelines, and other regulatory assessments.Coordinate with auditors, internal teams, and leadership to ensure timely evidence collection, gap remediation, and audit closure.Maintain compliance documentation, controls library, and audit artefacts with high accuracy.Monitor compliance posture, track control effectiveness, and drive continuous improvement initiatives across the organisation.Ensure enterprise adherence to policies, regulatory expectations, risk controls, and customer commitments.Risk Management & Security Operations :
Identify and assess information security risks, propose mitigation strategies, and track closure timelines.Run periodic risk assessments, vendor assessments, vulnerability scans, and configuration compliance checks.Participate in incident response, including investigation, RCA, and preventive controls implementation.Drive continuous security posture improvement through automation, tooling, training, and proactive monitoring.Qualifications & Skills :
Must-Have :
2-5 years of experience in Information Security, with strong exposure to security governance, compliance, and audit management.Hands-on experience with security frameworks such as ISO 27001, SOC 2, NIST CSF, PCI-DSS, or cloud-security benchmarks (CIS, AWS Well-Architected Security Pillar).Strong understanding of cloud security (AWS / GCP), identity & access management, data protection, secure network architecture, and secrets management.Ability to manage external auditors and internal stakeholders with clarity and ownership.Excellent documentation, communication, and cross-functional collaboration skills.Good-to-Have :
Experience working with fintech organisations or regulated sectors.Knowledge of DevSecOps tooling-SAST, SCA, DAST, IaC scanning, runtime protection, security monitoring.Relevant certifications (e.g., ISO 27001 LA / LI, SOC 2, CEH, Security+, CISSP Associate).What Youll Bring :
High ownership mindset with ability to lead compliance programs end-to-end.Passion for building a secure, compliant, and audit-ready organisation.Ability to balance practicality with security rigour and influence teams toward secure behaviours.Why Join Us?
Opportunity to shape and scale the organisations security and compliance posture.Work closely with engineering and leadership teams to define foundational security practices.Fast-paced, high-impact role in a rapidly growing environment.(ref : hirist.tech)
