KhataBook - Program Lead - Information Security (8-10 yrs)
KhataBook
posted 3+ weeks ago
Flexible timing
Your role:
We at Khatabook are looking for a Program Lead - Information Security. As a Program Lead - InfoSec, you will be implementing and maintaining various security standards, regulations, and best practices (e.g., ISO 27001, SOC 2) while ensuring compliance with India's data localization requirements through comprehensive risk management and audit programs. We're seeking a seasoned security professional with 8+ years of experience who can translate complex security requirements into actionable policies, demonstrate strong stakeholder management skills, and bring hands-on experience in building security programs that enable business growth while maintaining robust security controls.
What would you do at Khatabook?
Governance, Risk, and Compliance (GRC):
- Develop, implement, and maintain the organization's GRC program to ensure alignment with business objectives and regulatory requirements.
- Identify, assess, and mitigate information security risks across the organization.
- Establish and enforce policies, procedures, and controls to ensure compliance with applicable laws, regulations, and standards.
- Coordinate with internal teams for security controls implementation.
- Monitor and report on security metrics to senior management.
Audit Management:
- Act as the primary point of contact for internal and external audits, including ISO 27001, SOC 2, and other relevant frameworks.
- Prepare for and facilitate audits by coordinating with cross-functional teams, gathering evidence, and addressing auditor inquiries.
- Ensure timely remediation of audit findings and implement corrective actions to maintain compliance.
ISO 27001 and SOC 2 Implementation:
- Lead the implementation, maintenance, and continuous improvement of ISO 27001 and SOC 2 compliance programs.
- Conduct gap assessments and develop action plans to address deficiencies.
- Manage the documentation of policies, procedures, and controls required for certification and recertification.
Security Awareness and Training:
- Develop and deliver security awareness programs to educate employees on information security policies, procedures, and best practices.
- Provide training to internal teams on GRC-related topics and audit readiness.
Vendor and Third-Party Risk Management:
- Assess and monitor the security posture of third-party vendors and partners to ensure compliance with organizational standards.
- Review and negotiate security terms in contracts and agreements.
What are we looking for?
- Excellent knowledge of information security standards, regulations, and best practices (e.g., ISO 27001, SOC 2, NIST, GDPR).
- Strong analytical and problem-solving skills with the ability to assess complex security issues.
- Exceptional communication and interpersonal skills, with the ability to interact effectively with technical and non-technical stakeholders.
- Detail-oriented with strong organizational and project management skills.
- Experience in managing security incidents and crisis situations.
- Strong knowledge of Indian data protection laws and data localization requirements.
- Experience in the financial services or fintech industry is great to have.
- Minimum 8 years of information security experience.
Functional Areas: Other