Information Security Risk Lead

ABOUT TIDE

At Tide, we are building a finance platform designed to save small businesses time and money. We provide our members with business accounts and related banking services, but also a comprehensive set of connected administrative solutions from invoicing to accounting.

Launched in 2017, Tide is now used by over 1 million small businesses across the world and is available to UK, Indian and German SMEs. Headquartered in central London, with offices in Sofia, Hyderabad, Delhi, Berlin and Belgrade, Tide employs over 1,800 employees.  

Tide is rapidly growing, expanding into new markets and always looking for passionate and driven people. Join us in our mission to empower small businesses and help them save time and money.  

About You

You’ll be an information security expert, with a great eye for information security risk reduction and continual improvement opportunities. If fast-paced environments, cross-team exposure, inquisitive freedom and the ability to have a real impact on a rapidly growing scale-up appeals to you, then you already have the mind of a Tidean. You’ll join an ambitious team of highly motivated security specialists who interface with all areas of the business in order to drive down information security risk at Tide, whether it is technical, procedural or cultural. 

Some of the things you’ll be doing: 

• Interacting with 3rd party stakeholders such as partners and regulators, on behalf of Information Security.
• Defining Tide’s India-specific information security programme in alignment with its global ISMS.
• Acting as a thought leader in the context of local information security requirements.
• Managing information security risk in accordance with Tide’s Global Risk Management Framework & Indian Regulatory requirements.
• Managing and improving Tide’s Information Security Management System (ISMS) .
• Working with 1LOD stakeholders across the business in order to deliver information security risk reduction projects.
• Ensuring alignment with industry recognised information security control frameworks.
• Conducting information security risk assessments and control testing.
• Defining and measuring key risk indicators, and using data from modern information security tooling to develop insightful risk reporting.
• Facilitating external audit requirements, and working with stakeholders across 1LOD and 3LOD to close information security audit findings.
• Reinforcing a strong security culture and awareness message throughout the business.
• Define, track, and report key risk indicators (KRIs) and metrics related to information security within the PPI environment.
• Prepare and present regular reports on security posture, risk status, and compliance efforts to senior management, audit committees, and regulatory bodies as required.
• Ensuring Tide’s compliance with all applicable regulatory requirements, and keeping abreast of new regulatory and compliance developments.

You’ll be a great fit if:

• You have a minimum of 10 years experience working in information security GRC (governance, risk & compliance) related roles
• You have experience interacting with financial regulators and government agencies in India (e.g. RBI, CERT-IN)
• You have experience working at or on behalf of a financially regulated organisation
• You have experience working at or on behalf of a technology-first organisation
• You’ve implemented, maintained and supported an ISO 27001 program
• You’ve implemented, maintained and supported a PCI DSS compliance program
• You have experience with security control frameworks such as the ISO 2700 series, NIST CSF, CIS Critical Security Controls, etc.
• You have experience with audits applicable to information security such as ISO 27001, Systems Audit Report (SAR), SOC2, etc.
• You’ve performed information security risk assessments and/or control testing
• You have good technical knowledge in the field of information security 
• You have led information security risk reduction projects
• In-depth knowledge of payment security standards (PCI-DSS), data protection regulations, incident response, and risk management frameworks.
• Relevant certifications such as CISSP, CISM, CISA, or PCI Professional (PCIP) are strongly preferred.

What you’ll get in return: 

Competitive salary

• Self & Family Health Insurance
• Term & Life Insurance
• OPD benefits
• Mental wellbeing platform Plumm
• Learning & Development budget
• WFH setup allowance
• 15 days of Privilege leaves
• 12 days of Casual leaves
• 12 days of Sick leaves
• 3 paid day-offs for volunteering or L&D activities

TIDE IS A PLACE FOR EVERYONE

At Tide, we believe that we can only succeed if we let our differences enrich our culture. Our Tideans come from a variety of backgrounds and experience levels. We consider everyone irrespective of their ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity or differently-abled status. We celebrate diversity in our workforce as a cornerstone of our success. Our commitment to a broad spectrum of ideas and backgrounds is what enables us to build products that resonate with our members’ diverse needs and lives. 

We are One Team and foster a transparent and inclusive environment, where everyone’s voice is heard.

At Tide, we thrive on diversity, embracing various backgrounds and experiences. We welcome all individuals regardless of ethnicity, religion, sexual orientation, gender identity, or disability. Our inclusive culture is key to our success, helping us build products that meet our members' diverse needs. We are One Team, committed to transparency and ensuring everyone’s voice is heard.