Information Security Officer

FPL Technologies, Pune, Maharashtra, IN
4 days ago
Job description

About the company

Credit cards haven't changed much for over half a century so our team of seasoned bankers, technologists, and designers set out to redefine the credit card for you - the consumer. The result is OneCard - a credit card reimagined for the mobile generation. OneCard is India's best metal credit card built with full-stack tech. It is backed by the principles of simplicity, transparency, and giving back control to the user.

Key Responsibilities :

Security Strategy and Governance :

  • Develop, implement, and maintain a comprehensive information security roadmap and strategy aligned with business objectives.
  • Establish, mature, and enforce security policies, standards, and procedures to ensure a robust governance framework.
  • Collaborate with executive leadership on budget planning, forecasting, and management for security-related expenditures.

Audit and Compliance Management :

  • Lead and manage all aspects of internal and external audits, including those from regulatory bodies and clients (vendor due diligence).
  • Serve as the primary point of contact for auditors, ensuring all evidence requests are fulfilled accurately and on time.
  • Drive the remediation and closure of audit findings by coordinating with relevant technical and business teams.
  • Ensure ongoing compliance with key standards and regulations, including ISO 27001, ISO 22301, Credit Information Companies (CIC), and data localization laws.
  • Conduct routine compliance activities, such as management review meetings, to maintain certifications and ensure continuous improvement.

Risk and Vendor Management :

  • Establish and operate a robust vendor due diligence (VDD) program, working with internal teams and external audit vendors to assess third-party risk.
  • Oversee the end-to-end financial process for security vendors, including obtaining proposals, securing internal approvals, and tracking payments.
  • Identify, assess, and communicate security risks to the company's leadership and other key stakeholders.

Security Operations and Collaboration :

  • Act as the primary security advisor for the company, working closely with various technical teams and Technology Service Providers (TSPs).
  • Provide expert guidance and oversight for the implementation and management of security controls across key domains, including :
    • Cloud Security : Advise on best practices for securing AWS environments.
    • Application Security : Champion the integration of security into the SDLC (SAST / DAST, penetration testing).
    • Network & Endpoint Security : Guide the deployment and configuration of firewalls, WAF, IDS / IPS, and EDR solutions.
    • Identity & Access Management (IAM) : Ensure robust implementation of SSO, MFA, and privileged access controls.

Qualifications and Experience :

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • 5-6 years of progressive experience in information security, with a focus on governance, risk, and compliance.
  • Demonstrated experience in developing or significantly maturing an information security program.
  • In-depth, hands-on experience leading and facing audits for frameworks like ISO 27001, SOC 2, or PCI DSS.
  • Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor / Implementer are highly desirable.

Skills and Competencies :

  • Leadership and Ownership : A strategic leader with the ability to operate with a high degree of autonomy. Possesses a strong sense of ownership and takes full responsibility for the security posture of the company.
  • Independent Decision-Making : Proven ability to make critical, well-reasoned decisions independently and confidently drive security initiatives forward.
  • Stakeholder Management : Exceptional communication and interpersonal skills, with the ability to effectively articulate complex security concepts and risks to diverse stakeholders, including company directors, executive leadership, and heads of technology departments.
  • Broad Technical Proficiency : Strong, advisory-level knowledge across multiple security domains (Cloud, Network, Application, Endpoint, IAM).
  • Compliance Expertise : Deep understanding of ISO 27001, ISO 22301, CIC, and data localization principles.
  • Creative Problem-Solving : A proactive and innovative approach to identifying and solving complex security challenges in a dynamic environment.