Information Security Risk Manager

ABOUT THE ROLE:  

As an Information Security Risk Manager you will be a pragmatic information security GRC expert with a proven track record of implementing controls and risk management in a fast-paced, technology-driven environment in India. You possess a strong understanding of modern engineering practices, and know how to apply international best practices (like ISO 27001) effectively to a local tech stack and operational setup. You are passionate about using GRC tooling and automation to manage technology risk.

Core responsibilities will include:

• ISMS Alignment: Ensuring technology controls, processes, and people in India are fully aligned with the global ISMS and local requirements.
• Modern GRC: Implementing real-time compliance monitoring and risk management processes using modern GRC tooling, specifically to monitor the information security posture and controls of the India-based tech stack and service providers.
• Local Risk & Control Oversight: Conducting detailed information security risk assessments and control oversight focused on Tide India's people, process, and technology. Working with local and global First Line of Defence (1LOD) stakeholders to deliver effective risk treatment plans for the India market.
• Technology Alignment: Ensuring information security standards for India operations are robust and align with a modern tech stack (e.g., Infrastructure as Code, CI/CD) used by engineering teams supporting India.
• Audit Facilitation: Facilitating external audits relevant to the ISMS and technology controls in India (e.g., ISO 27001, SAR), and driving the closure of audit findings with local teams.
• Metrics & Reporting: Defining and measuring local key risk indicators (KRIs). Interpreting data from security tooling to develop insightful, risk-focused reporting specifically for Tide India senior leadership.
• Culture & Awareness: Reinforcing a strong security culture and awareness message throughout the India business unit.

• 7+years experience in information security GRC, with significant experience working within the technology or financial sector.
• Deep familiarity with modern engineering and security paradigms (DevSecOps, IaC, Zero Trust, Cloud-Native) and applying GRC principles to them.
• Proven experience in implementing and using GRC tooling to monitor compliance and manage risk.
• Experience in implementing and maintaining an ISMS using ISO 27001 within an Indian operational context.
• Strong technical knowledge in information security to effectively assess technical risks and controls.
• Relevant certifications such as CISSP, CISM, or CISA are strongly preferred.

Our location-specific employee benefits are designed to cater to the unique needs of Tideans: 

• Competitive Compensation -  competitive salary and share options
• Time Off – Generous annual leave on top of bank holidays.
• Parental Leave – Paid maternity, paternity, and adoption leave to support your family journey.
• Sabbatical – Extended unpaid and paid leave options after completing milestone years with Tide.
• Health Insurance – Private family insurance with additional OPD coverage and top-up options.
• Life & Accident Cover – Comprehensive accidental and life insurance protection.
• Mental Wellbeing – Access to therapy sessions, courses, meditations, and workshops.
• Volunteering & Development Days – Paid days annually for volunteering or personal growth.
• Learning & Development – Annual budget for books, courses, coaching, and more.
• WOO (Work Outside the Office) – Work from abroad for up to 90 days annually.
• Home Office Setup – Contribution towards setting up your home office
• Laptop Ownership – Keep your old laptop and get a new one when it’s time for a replacement.
• Snacks & Meals – Office perks with snacks, coffee, tea, and lunch (location dependent).