Information Security Manager

Job Description: We are seeking a highly skilled and experienced Information Security Manager to join our team at DPDzero. As the Information Security Manager, you will be responsible for developing and implementing robust information security strategies, policies, and practices, with a primary focus on aligning with the ISO 27001 framework. You will collaborate closely with cross-functional teams to identify and mitigate security risks, lead security assessments and audits, and ensure compliance with ISO 27001, along with other industry standards and regulatory requirements. Your expertise in ISO 27001, information security, risk management, and security best practices will be critical in maintaining the confidentiality, integrity, and availability of our systems and data.

Responsibilities:

  1. Information Security Strategy: Develop and implement the company’s information security strategy and roadmap, with a strong emphasis on aligning with ISO 27001, while also aligning it with business goals and objectives.

  2. Security Governance: Establish and maintain an effective information security governance framework based on ISO 27001, including policies, procedures, and standards.

  3. Risk Management: Identify, assess, and prioritize information security risks following ISO 27001 guidelines, and develop risk mitigation plans and controls.

  4. Security Awareness: Foster a culture of security awareness among employees, partners, and stakeholders through training and communication initiatives, in line with ISO 27001 requirements.

  5. Incident Response: Develop and execute ISO 27001-compliant incident response plans to address and mitigate security incidents and breaches.

  6. Security Compliance: Ensure compliance with ISO 27001 and other relevant security standards, frameworks, and regulatory requirements.

  7. Security Assessments: Conduct regular security assessments, vulnerability assessments, and penetration tests, adhering to ISO 27001 principles, to identify and address security vulnerabilities.

  8. Security Audits: Coordinate and participate in security audits and assessments, particularly focusing on ISO 27001 compliance, to evaluate the effectiveness of security controls.

  9. Security Monitoring: Implement and manage security monitoring tools and systems in line with ISO 27001 requirements to detect and respond to security threats in real time.

  10. Security Training: Provide training and guidance to the IT and security teams to enhance their knowledge and skills in information security, with ISO 27001 as a key reference.

  11. Third-Party Risk Management: Evaluate and manage security risks associated with third-party vendors and service providers, with ISO 27001 compliance as a priority.

  12. Incident Reporting: Prepare and present security incident reports to senior management and stakeholders, following ISO 27001 reporting guidelines.

  13. Security Performance Metrics: Define and track key security performance metrics and KPIs, including those outlined in ISO 27001, to measure the effectiveness of security controls.

Requirements:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 3+ years of experience in information security management or related roles.
  • Strong understanding of information security principles, best practices, and ISO 27001 standards.
  • Proven experience in developing and implementing information security strategies and programs with ISO 27001 compliance.
  • Familiarity with other security frameworks and standards such as NIST, CIS, or PCI DSS.
  • In-depth knowledge of security technologies and tools, including firewalls, IDS/IPS, SIEM, antivirus, etc.
  • Experience with risk management, security assessments, and incident response.
  • Strong analytical and problem-solving skills to address complex security issues.
  • Excellent leadership and communication skills to collaborate with cross-functional teams and senior management.
  • Detail-oriented with a strong focus on accuracy and compliance.
  • Relevant security certifications such as CISSP, CISM, or CRISC will be a plus.

About DPDzero

Credit penetration in India faces significant challenges, necessitating focused attention. Without proper infrastructure, extending credit to unserved and underserved populations remains elusive.

DPDzero is on a mission to enhance credit penetration by enabling lenders to concentrate on acquiring new customers, while we handle delinquency management. We are an 18-month-old startup, collaborating with over 20 lending partners. We have secured $3.25 million in seed funding from Blume Ventures, India Quotient, Better Capital, etc.

Company Description:

DPDzero is a pioneering fintech company dedicated to extending formal credit access to the next billion individuals in India. Our cutting-edge platform leverages machine learning and a digital-first approach to transform the lending industry. By prioritizing compliance, data-driven decision-making, and a culture of experimentation, we aim to maximize value for lenders while delivering an unparalleled customer experience. Join us as we revolutionize the financial landscape and empower individuals with greater financial opportunities.

Customers:

At DPDzero, we work with a diverse range of ambitious lenders, both established players and emerging disruptors, who are reshaping the credit ecosystem in India. Some of our esteemed customers include Cashe, Ring, TATA Capital, IndusInd Bank, KreditBee, and more, with new additions each month.

Our Approach:

We partner with our lenders by taking charge of their collections portfolio, allowing them to focus on customer acquisition while we ensure efficient recovery from their customers. Our technology-driven platform leverages machine learning algorithms to optimize collections strategies and drive maximum recovery rates.