Senior Information Security Officer

Decentro is a Y-Combinator backed banking & payments infrastructure company. Decentro provides building blocks that help companies stitch their fintech workflows in a few weeks. While starting our first fintech venture back in 2014, we spent years convincing banks to partner with us. Before we could launch our fintech product (more here), we had to convince different departments within banks – including technology, business, leadership, legal, and support – to get the green signal. Fast forward to today, we realise that banks & regulatory institutions find it difficult to help the longer tail of companies build innovative & compliant fintech solutions. What if there was a platform (think AWS for cloud or Twilio for messaging) that abstracts the complexities of banking, identity, payments, lending, and provides simple APIs so that companies do not have to spend years dealing with banks? We're solving this pain point at Decentro since 2020. We've scaled to process $4 billion+ in payment volumes & have 900+ customers across India & Singapore in multiple verticals such as marketplaces, banks, regulated institutions, fintechs, lenders, gaming, and more. What is expected from you – Lead the overall information security strategy, governance, and risk management for Decfin (our Payment Aggregator entity), reporting directly to our Chief Technology Officer. Develop, implement, and maintain information security policies, procedures, and controls aligned with regulatory requirements, particularly RBI guidelines for Payment Aggregators. Ensure compliance with applicable standards such as ISO 27001, PCI DSS, and data privacy regulations. Conduct regular security risk assessments, threat modeling, and vulnerability analysis. Collaborate cross-functionally with engineering, legal, compliance, and product teams to embed security into all layers of the platform. Own and drive internal audits, handle external audits (including RBI or partner due diligence), and ensure timely closure of findings. Evaluate and help deploy security tools such as SIEM, DLP, endpoint protection, etc., to improve the security posture. Stay updated on emerging threats, attack vectors, and industry best practices and apply them to proactively secure our systems and data. Help the team to manage security incidents, perform root cause analysis, and implement preventive controls. Train and mentor more members on security awareness and best practices. What we are looking for – Minimum 7 years of experience in information security, preferably within the payments or financial services domain. Prior experience in Payment Aggregator or PSP environments is highly desirable. Familiarity with security frameworks and certifications like ISO 27001, PCI DSS, SOC 2, and RBI PA guidelines is a must. Strong understanding of security technologies such as firewalls, intrusion detection systems, SIEM, encryption, etc. Proven ability to interface with regulatory bodies, auditors, and partners on information security matters. Strong analytical and communication skills with the ability to simplify and explain security concepts to non-technical stakeholders. Strong sense of ownership and responsibility. Based in or willing to relocate to Bangalore. What we offer – The ability for you to make an impact and lay a foundation for the upcoming fin-tech innovations. A multicultural and diverse team of colleagues from different states that speak in total 6 Indian and global languages. Progressive and flexible work hours that match your personality and lifestyle. The best-in-class perks and benefits for leaders in fintech. Check out our careers page for the same: https://decentro.tech/careers

Decentro is a Y-Combinator backed banking & payments infrastructure company. Decentro provides building blocks that help companies stitch their fintech workflows in a few weeks.