Senior Information Security Engineer (ISO27001)

About IDfy

IDfy is Asia’s leading TrustStack, trusted by the best, with global expertise and enterprise-grade tech, we’re solving trust challenges, making compliance easy, fraud detection smarter, and onboarding seamless.

Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry.

IDfy’s three platforms- OnboardIQ, OneRisk, and Privy - come together to form one seamless solution enabling trust.

We have successfully raised $27M from Elev8 Venture Partners, KB Investments & Tenacity Ventures!

We work fully onsite on all 5 days of the week from our office in Andheri East, Mumbai

About the Role

As an Information Security Engineer at IDfy, you’ll be the go-to guardian of our security and compliance framework. You’ll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customer third-party risk assessments, customer security requests, and internal ISMS management.

You’ll work across product, engineering, and legal teams to ensure we’re not just compliant—but secure by design. If you’re someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems, this one’s for you.

We Are the Perfect Match If You…

Speak fluent ISO 27001, SOC 2, and ISMS for

4-6 years

Have experience owning and running end-to-end compliance audits

Experienced in handling ISMS management end to end

Responding to customer third party risk assessments questionnaires and facing customer Audits

Can guide control owners like a boss (and not just with fancy dashboards)

Enjoy writing and updating InfoSec policies (yes, we know that’s rare!)

Know how to communicate security stuff to non-security folks

Have worked in a SaaS environment or want to secureone now

Love working across multiple teams and hate working in silos

Have strong knowledge of cloud platforms (GCP preferred, others okay too)

Hold one or more certifications (mandatory) : ISO 27001 Lead Auditor, CISA, CISSP

Here’s What Your Day Will Look Like…

Maintain and manage IDfy’s ISMS as per ISO 27001 and SOC 2 standards

Coordinate and lead internal and external audits

Oversee annual policy renewals, updates, documentation and ISMS activities

Face third-party / vendor risk assessments from our customer

Respond to security questionnaires from customers and partners

Track and close compliance deliverables with internal stakeholders

Identify gaps in technical or procedural controls and work with teams to fix them

Train internal teams on compliance expectations and workflows

Monitor and improve security metrics across the org

Stay up to date with industry trends and frameworks

What’s it like working at IDfy?

We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, it’s critical. You’ll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch.

Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies.

We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.