Chief Information Security Officer / Head of Information Security at Tazapay Pte Ltd

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

02 Feb, 26

Salary

0.0

Posted On

04 Nov, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Cloud Security, Application Security, DevSecOps, Compliance, Risk Management, Incident Response, Data Protection, Vulnerability Management, Security Governance, Identity Management, Endpoint Security, Security Awareness, Penetration Testing, Technical Controls, Security Engineering

Industry

Financial Services

Description

About Tazapay Tazapay is a global cross-border payment platform that enables businesses to seamlessly transact across fiat and stablecoins. With a robust Pay-in and Pay-out network spanning multiple geographies, Tazapay offers unparalleled flexibility in payment methods, including named virtual accounts, alternative payment methods (APMs), and stablecoins. Licensed in Singapore, Canada, USA, Australia Tazapay provides a fully compliant and transparent payment infrastructure that allows businesses to offer fiat and stablecoin-based transactions to their underlying clients. Its platform ensures effortless onboarding of merchants while also supporting white-label solutions, empowering businesses to scale their global payments without operational complexity. With Tazapay, enterprises can bridge the gap between traditional finance and digital assets, ensuring interoperability, compliance, and seamless cross-border transactions at scale. We are passionate about building reliable, secure, and cutting-edge payment solutions that empower businesses. We are seeking a visionary and experienced security leader to join our team and drive our information security future. Role Overview Technical and strategic leader for all things security, from cloud infrastructure to application, data, and endpoint security in a global payments fintech startup ,working closely with engineering, infrastructure, product and compliance teams. This role carries group-wide responsibility for ensuring that Tazapay’s information security controls, policies, and practices comply with regulatory expectations across all jurisdictions where Tazapay operates (including MAS TRM Guidelines in Singapore, FINTRAC in Canada, AUSTRAC/ASIC in Australia, CBUAE in Dubai, and emerging EU/UK standards such as DORA/NIS2). The CISO acts as a key control owner jointly accountable with the Chief Compliance Officer for the verification, testing, and effectiveness of technical and procedural safeguards. Location: Bangalore (HSR Layout, In Office) Reports to: CTO + Dotted line to Chief Compliance Officer (for regulatory control assurance) Key Responsibilities ● Develop and Implement the security strategy working closely with engineering, infrastructure, product , compliance and operations teams and leaders. ● Product security: Enforce Secure Software Development lifecycle , ensure product /feature architecture and designs are reviewed from the security perspective, drive DevSecOps and shift left security. Manage internal and external penetration testing, vulnerability management and responsible disclosure. Evaluate the security of partner and third party integrations. ● Infrastructure and Cloud security : Enforce secure cloud architecture ( AWS) . Implement CSPM / CWPP/SIEM . Ensure secure network segmentation, secret management, encryption standards, vulnerability and patch management. Ensure all cloud and infrastructure controls align with regulatory obligations (e.g., MAS TRM, ISO 27001, SOC 2, NIST CSF) and are tested regularly as part of compliance assurance cycles. ● IT Security : Identity and Access management , endpoint security , email security, DLP, security of tools and applications for employees. Oversee adherence to data protection, localization, and access management standards applicable under each licensing regime. ● Compliance: Partner with the Compliance team and stakeholders to establish and enforce the security governance framework. Lead information security aspects of internal and external audits. Maintain and enforce policies around security, data handling, data classification, data privacy. Be the liaison around information security with regulators, auditors and partners. Ensure that regulatory inspections (MAS, FINTRAC, AUSTRAC, CBUAE, EU/UK authorities) are fully supported with technical evidence of control design and operation. Maintain continuous readiness for audit and certification. ● Drive security incident management process. Establish play books, Integrate threat intelligence , Red/Blue teaming as needed. Ensure incident response processes satisfy regulatory reporting obligations in each jurisdiction, including timely escalation and documentation. ● Build and mentor a high performance security engineering team ● Build security awareness company wide. Enable the upskilling of engineering organisations on security, develop security champions. Foster a culture of compliance-by-design and ensure security ownership across product and operations teams. Qualifications ● 12–18+ years of experience in technical information security, including at least 4+ years in a Senior Security Engineering leadership role with a fintech ● Deep understanding of cloud-native architectures (AWS/GCP/Azure), and microservices-based fintech stacks. ● Hands-on experience with Application Security , DevSecOps, infrastructure security. ● Experience working with payments or financial infrastructure, ideally under regulated environments ● Prior experience engaging with card networks, banks, and payment processors on security & compliance audits. ● Strong familiarity with regulatory control frameworks governing technology risk and data protection across one or more jurisdictions (Example: MAS TRM, FINTRAC, AUSTRAC/ASIC, CBUAE, DORA/NIS2, ISO 27001, NIST). Ability to translate these regulatory expectations into concrete technical controls and evidence. Preferred Qualifications ● Familiarity with stablecoins, blockchain infrastructure, and cryptocurrency custody models (hot/cold wallet security, signing keys, HSM integrations). ● Security certifications such as CISSP, CISM, OSCP, or AWS Security Specialty. ● Exposure to global cross-border licensing frameworks ● Experience working with or reporting to regulators and external auditors on technology risk matters. Demonstrated capacity to align technical design with regulatory requirements across multiple entities. Why Join Tazapay? ● Opportunity to shape the future of global trade and payments. ● Work alongside world-class leadership and visionary founders. ● Backed by premier investors and poised for exponential growth. ● Autonomy and ownership with high visibility and impact. ● Competitive compensation including salary, bonus and equity package. ● Opportunity to work with a talented and passionate team. ● Significant impact on the company's success and the payments landscape.

Responsibilities

The CISO will develop and implement the security strategy while ensuring compliance with regulatory expectations across multiple jurisdictions. This role involves overseeing product security, infrastructure security, IT security, and incident management processes.