Information Security Risk Lead

Job Description

Tide is seeking an Information Security Risk Lead to join their team in Delhi NCR, India. The company is a business management platform designed for small businesses, offering business accounts and administrative solutions.

The Information Security Risk Lead will be part of the Second Line of Defence, providing oversight and challenge to information security controls. They will interact with stakeholders, define security standards for Tide’s India operations, manage information security risk, and improve Tide’s global ISMS.

Role involves:

• Operating as part of the Second Line of Defence (2LOD).
• Interacting with 3rd party stakeholders such as partners and regulators.
• Defining information security standards specific to Tide’s India operations.
• Managing information security risk in accordance with Tide’s Global Risk Management Framework & Indian Regulatory requirements.
• Managing and improving Tide’s global ISMS.
• Implementing real-time compliance monitoring and risk management processes.
• Working with 1LOD stakeholders across the business in order to deliver information security risk treatment plans .
• Ensuring alignment with industry recognised information security control frameworks.
• Conducting information security risk assessments and control oversight .
• Defining and measuring global key risk indicators.
• Defining and measuring relevant local key risk indicators specific to Tide’s India operations.
• Facilitating external audit requirements.
• Reinforcing a strong security culture and awareness message throughout the business.
• Prepare and present regular reports on security posture, risk status, and compliance efforts.
• Ensuring Tide’s compliance with all applicable regulatory requirements.

Requirements:

• Minimum of 10 years experience in information security GRC.
• Experience interacting with financial regulators and government agencies in India.
• Familiarity with modern engineering and security paradigms.
• Experience using GRC tooling.
• Experience working at or on behalf of a financially regulated organization.
• Experience working at or on behalf of a technology-driven organisation.
• Experience with audits applicable to information security.
• Good technical knowledge in the field of information security.
• Experience with security control frameworks such as the ISO 2700 series, NIST CSF, CIS Critical Security Controls, PCI DSS etc.
• Relevant certifications such as CISSP, CISM, CISAare strongly preferred.
• In-depth knowledge of payment security standards, data protection regulations, RBI Master Directions, and risk management frameworks.

What Tide offers:

• Competitive salary
• Self & Family Health Insurance
• Term & Life Insurance
• OPD benefits
• Mental wellbeing platform Plumm
• Learning & Development budget
• WFH setup allowance
• 15 days of Privilege leaves
• 12 days of Casual leaves
• 12 days of Sick leaves
• 3 paid day-offs for volunteering or L&D activities