Information Security Risk Lead

ABOUT TIDE

At Tide, we are building a business management  platform designed to save small businesses time and money. We provide our members with business accounts and related banking services, but also a comprehensive set of connected administrative solutions from invoicing to accounting.

Launched in 2017, Tide is now used by over 1 million small businesses across the world and is available to UK, Indian and German SMEs. Headquartered in central London, with offices in Sofia, Hyderabad, Delhi, Berlin and Belgrade, Tide employs over 2,000 employees.

Tide is rapidly growing, expanding into new products and markets and always looking for passionate and driven people. Join us in our mission to empower small businesses and help them save time and money.

About You

You’ll be an information security expert, with a great eye for information security risk reduction and continual improvement opportunities. If fast-paced environments, cross-team exposure, inquisitive freedom and the ability to have a real impact on a rapidly growing scale-up appeals to you, then you already have the mind of a Tidean. You’ll join an ambitious team of highly motivated security specialists who interface with all areas of the business in order to drive down information security risk at Tide, whether it is technical, procedural or cultural. 

Some of the things you’ll be doing: 

• You’ll operate as part of the Second Line of Defence (2LOD), providing independent oversight and challenge on information security controls —focusing on governance, regulatory alignment, risk management  and reporting, rather than hands-on control implementation.
• Interacting with 3rd party stakeholders such as partners and regulators, on behalf of Tide Risk & Compliance .
• Defining information security standards specific to Tide’s India operations, in close alignment with the  global ISMS.
• Acting as a thought leader in the context of local information security requirements.
• Managing information security risk in accordance with Tide’s Global Risk Management Framework & Indian Regulatory requirements.
• Managing and improving Tide’s global  ISMS.
• Implementing real-time compliance monitoring and risk management processes using modern GRC tooling, utilising automation wherever possible.
• Working with 1LOD stakeholders across the business in order to deliver information security risk treatment plans .
• Ensuring alignment with industry recognised information security control frameworks, such as ISO 27001, NIST CSF.
• Conducting information security risk assessments and control oversight .
• Defining and measuring global key risk indicators, and interpreting  data from modern information security tooling to develop insightful risk reporting.
• Defining and measuring relevant local key risk indicators specific to Tide’s India operations.
• Facilitating external audit requirements, and working with stakeholders across 1LOD and 3LOD to close information security audit findings.
• Reinforcing a strong security culture and awareness message throughout the business.
• Prepare and present regular reports on security posture, risk status, and compliance efforts to senior management, audit committees, and regulatory bodies as required.
• Ensuring Tide’s compliance with all applicable regulatory requirements, and keeping abreast of new regulatory and compliance developments.

You’ll be a great fit if:

• You have a minimum of 10 years experience working in information security GRC (governance, risk & compliance) related roles
• You have experience interacting with financial regulators and government agencies in India (e.g. RBI, CERT-IN)
• You are familiar with modern engineering and security paradigms  such as DevSecOps within CI/CD pipelines, Infrastructure as Code (IaC), Zero Trust architecture, containerisation, microservices, and cloud-native development.
• You understand how effective change management can be implemented within agile, fast-paced environments, and can balance risk oversight without relying on legacy control models such as monthly CABs.
• You have experience using GRC tooling to monitor compliance and carry out risk management activities.
• You have experience working at or on behalf of a financially regulated organisation
• You have experience working at or on behalf of a technology-driven  organisation
• You’ve implemented, maintained and supported an ISO 27001 program
• You have experience with security control frameworks such as the ISO 2700 series, NIST CSF, CIS Critical Security Controls, PCI DSS etc.
• You have experience with audits applicable to information security such as ISO 27001, RBI Systems Audit Report (SAR), SOC2, Data Localisation, etc.
• You’ve performed information security risk assessments and control oversight
• You have good technical knowledge in the field of information security 
• You have led information security risk treatment  projects
• In-depth knowledge of payment security standards, data protection regulations, RBI Master Directions, and risk management frameworks.
• Relevant certifications such as CISSP, CISM, CISAare strongly preferred.

What you’ll get in return: 

• Competitive salary
• Self & Family Health Insurance
• Term & Life Insurance
• OPD benefits
• Mental wellbeing platform Plumm
• Learning & Development budget
• WFH setup allowance
• 15 days of Privilege leaves
• 12 days of Casual leaves
• 12 days of Sick leaves
• 3 paid day-offs for volunteering or L&D activities

TIDE IS A PLACE FOR EVERYONE

At Tide, we believe that we can only succeed if we let our differences enrich our culture. Our Tideans come from a variety of backgrounds and experience levels. We consider everyone irrespective of their ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity or differently-abled status. We celebrate diversity in our workforce as a cornerstone of our success. Our commitment to a broad spectrum of ideas and backgrounds is what enables us to build products that resonate with our members’ diverse needs and lives. 

We are One Team and foster a transparent and inclusive environment, where everyone’s voice is heard.

At Tide, we thrive on diversity, embracing various backgrounds and experiences. We welcome all individuals regardless of ethnicity, religion, sexual orientation, gender identity, or disability. Our inclusive culture is key to our success, helping us build products that meet our members' diverse needs. We are One Team, committed to transparency and ensuring everyone’s voice is heard.

You personal data will be processed by Tide for recruitment purposes and in accordance with Tide's Recruitment Privacy Notice.