Information Security Lead

RoboMQ

Jaipur | Full-time | Mid Level | On-site

Job Description

About the Company: RoboMQ is a fast-growing SaaS company delivering disruptive Identity Governance and Administration (IGA) solutions to mid-market enterprise customers. Our flagship product, Hire2Retire, automates the employee identity lifecycle by integrating HR systems with Identity Management and other applications, helping organizations achieve seamless onboarding, off-boarding, compliance, and security with a zero-trust and least-privilege security posture.

Requirements:

5+ years of experience in Cyber Security, Information Security, Application Security, or related domains.

Proven track record of leading security initiatives across engineering, operations, and infrastructure teams.

Technical degree (B. Tech / B.E.) from a premier engineering institute with exceptional technical acumen.

Deep architectural and practical understanding of network security, cloud ecosystems, and modern attack surface management.

Exceptional stakeholder management, communication, and leadership skills with the ability to influence cross-functional business teams.

Strong ownership mindset to champion a culture of zero-trust security across the entire organization.

Responsibilities:

Application Security (AppSec): Drive and secure SDLC practices across product lines. Oversee threat modeling and secure code reviews, and integrate robust Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) into the deployment pipeline.

Vulnerability & Risk Governance: Own the end-to-end vulnerability management lifecycle. Architect risk assessment methodologies, run remediation tracking, and ensure systematic patching of application and infrastructure weak points.

Security Assessments: Conduct hands-on technical scanning and security assessments utilising industry-standard tools, network scanners, and assessment utilities such as Nmap, OWASP ZAP, or commercial equivalents.

Network & Cloud Architecture: Secure cloud-native infrastructure hosted on AWS. Oversee network security architectures including firewalls, micro-segmentation, IDS/IPS, and Web Application Firewalls (WAFs) to actively manage the company's external attack surface.

Compliance & Frameworks: Implement, scale, and maintain critical organizational security controls aligned tightly with industry frameworks such as SOC 2, HIPAA, and continuous regulatory standards.

Enterprise Governance: Formulate, publish, and enforce comprehensive enterprise-wide security policies, standards, and operational procedures across all corporate branches.

Third-Party Risk Management (TPRM): Manage the organization's vendor security posture. Architect the assessment framework to audit third-party risk profiles, SaaS integrations, and supply chain vendors.

Incident Response & Collaboration: Lead corporate security incident responses. Act as the primary bridge guiding engineering, DevOps, and leadership through mitigation protocols and root-cause compliance.

Key Skills (Must have):

AppSec Core: Advanced mastery of SAST/DAST gating, Secure SDLC blueprinting, OWASP Top 10, and threat modeling frameworks.

Vulnerability Tooling: Expert-level command over network and application testing suites (e.g., Nmap, Burp Suite, SonarQube, Qualys, or Tenable).

Cloud Security: Practical experience securing multi-tenant cloud-native environments, specifically AWS (IAM governance, CloudTrail, GuardDuty, VPC security configurations).

Compliance Frameworks: Proven execution track record delivering and maintaining audit readiness for SOC 2 Type II or HIPAA.

Network Architecture: Solid grounding in secure routing, WAF policies, network segmentation, and encryption protocols (SSL/TLS, KMS).

Governance & TPRM: Hands-on experience developing corporate risk registries, policy design, and managing Third-Party Risk Management platforms.

Additional Skills (Good to have):

Relevant security industry certifications such as CISSP, CISM, CEH, or AWS Certified Security - Specialty.

Familiarity with DevSecOps automation, including shifting security tracking directly into GitHub Actions or Jenkins CI/CD workflows.

Understanding of privacy laws and regulations (GDPR, CCPA) relative to enterprise identity and data sovereignty.

Experience conducting internal corporate phishing simulations and designing security awareness training modules for internal teams.

Posted Yesterday