InfoSec Engineer (Compliance Engineer)

About Drip Capital

We are a US-based fintech company revolutionizing global trade for SMEs. At Drip Capital were redefining the future of trade finance and facilitation empowering small and medium-sized enterprises (SMEs) to scale internationally with ease.

With the global SME trade market exceeding $5 trillion our mission is to provide businesses in emerging markets with seamless access to capitaleliminating red tape and outdated processes. By leveraging cutting-edge technology we make trade finance fast efficient and hassle-free. Beyond financing we simplify trade and sourcing helping SMEs navigate global markets effortlessly.

Headquartered in Palo Alto California with offices in India Drip Capital is strategically positioned to meet the evolving needs of SMEs in emerging markets.

Backed by top investorsincluding Accel Peak XV Wing VC Sequoia India Y Combinator GMO SMBC Japan Barclays and IFCDrip has facilitated over $7 billion in trade across 10000 buyers and sellers. As we continue to grow we remain committed to transforming global trade for SMEs worldwide.

Role Overview :

We are looking for a highly motivated and detail-oriented Security Compliance Engineer with a strong focus on ISO/IEC 27001:2022 audit and implementation. The ideal candidate should also have hands-on experience in GRC Cloud security Vulnerability Assessment & Penetration Testing (VAPT) and general information security best practices. This role is essential in ensuring our compliance with security frameworks maintaining our ISMS and strengthening our overall security posture.

Key Responsibilities:

• Lead ISO/IEC 27001:2022 compliance initiatives including implementation internal audits surveillance and recertification audits.
• Prepare and maintain documentation for audits including evidence collection and audit logs.
• Conduct or support internal VAPT exercises; work with external vendors for third-party assessments and ensure closure of findings.
• Evaluate and ensure security compliance in cloud environments (AWS) including configuration reviews and adherence to cloud security best practices.
• Perform security risk assessments gap analyses and impact assessments across systems processes and vendors.
• Collaborate cross-functionally with Engineering IT Legal and HR to ensure compliance across business units.
• Develop and maintain security policies procedures standards and guidelines aligned with ISO 27001 and other applicable frameworks.
• Monitor compliance with regulatory requirements (e.g. GDPR SOC 2 NIST HIPAA) and internal policies.
• Assist in developing security awareness training and conducting compliance onboarding for new employees.
• Stay updated on emerging threats vulnerabilities and evolving regulatory requirements.

Requirements:

• Minimum 3 years of experience in a security compliance security engineering or audit-focused role.
• Strong experience with ISO/IEC 27001:2022 implementation audits and certification processes.
• Practical knowledge of VAPT tools and methodologies including reporting and remediation tracking.
• Solid understanding of cloud security principles (preferably with hands-on experience in AWS).
• Familiarity with security controls risk management and audit frameworks (e.g. SOC 2 NIST GDPR).
• Excellent documentation and communication skills especially for audit readiness and stakeholder reporting.
• Ability to manage multiple security and compliance initiatives simultaneously.

Preferred:

• Certifications such as ISO 27001 Lead Auditor/Implementer CEH or CCSK.

• Exposure to secure software development lifecycle (SDLC) and DevSecOps practices.

• Familiarity with identity and access management (IAM) data loss prevention (DLP) and endpoint security tools.

Education & Experience:

• Bachelors degree in Computer Science Information Security Cybersecurity or a related field.

• 3 years of experience in a security compliance security engineering or audit-focused role.