Information Security
Aspora
Posted: March 16, 2026
Quick Summary
We're a team of 75+ people on the move, working with extreme ownership, radical candour, and an obsession with customer impact.
Job Description
About Aspora
People on the move deserve a bank that moves with them. Since 2022, Aspora has been building a borderless financial operating system that makes money as mobile and transparent as its users.
We're backed by influential venture capitalists like Sequoia Capital, Greylock Partners, Hummingbird Ventures, Y Combinator and Global Founders Capital. We're a team of 75+ across India, the UK, the UAE, the EU and the US, working with extreme ownership, radical candour, and an obsession with customer impact.
We celebrate builders who question assumptions, ship fast, and turn regulatory complexity into elegant solutions. If you’re driven to redefine what global banking can be, we’d love to build the future with you.
About the Role
We're seeking a hands-on Senior Information Security Architect to design and implement security controls for our regulated digital banking platform. This is a builder role requiring deep technical expertise in cloud security, data protection, and regulatory compliance. You'll architect defensible, auditable, and scalable security systems that balance protection with product velocity.
Core Responsibilities
Technical Architecture (60%)
• Design and implement zero-trust security architectures with clear boundaries, assuming breach scenarios and eliminating implicit trust
• Build data protection systems including field-level encryption for PCI/PII data, cryptographic key management, and envelope encryption patterns
• Architect hybrid cloud security for AWS-to-datacenter connectivity and vendor integrations with one-way trust models
• Implement identity-first access controls with service-to-service authentication, zero standing production access, and time-bound sessions
• Design SIEM and detection systems with logging strategies for legal evidence and correlation across identity, network, and application layers
• Harden and maintain next-gen firewalls (Palo Alto, Fortinet) and their integration into our workloads, and set up security observability
Operational Security (25%)
• Own end-to-end vulnerability management including asset discovery, risk assessment, remediation, and crisis response (Log4j-style zero-day scenarios)
• Lead incident response and disaster recovery including DR drills, incident command, regulatory notifications, and post-incident validation
• Establish strategic monitoring with prioritized log collection, alert management, and security telemetry
• Partner with Application and Infrastructure teams to understand their SecOps requirements and support the implementation of security solutions
• Identify security gaps and drive initiatives aligned with business goals to strengthen overall security posture
Leadership & Strategy (15%)
• Balance security and product velocity through compensating controls, pragmatic risk acceptance, and documented tradeoff decisions
• Demonstrate scaling awareness by identifying architectural breaking points before they fail and designing for 10× organizational growth
Required Experience
• 7+ years in production AWS security for regulated or financial services environments
• Proven PCI-DSS or financial regulatory compliance implementation experience
• Hands-on incident response and DR drill leadership with real production scenarios
• Startup or high-growth environment experience where you've built security programs from the ground up
• Deep expertise in encryption architecture, key management systems, and cryptographic controls
Required Certifications
• ISO 27001 Lead Implementer or Lead Auditor
• PCI-DSS (QSA, ISA, or P2PE certification)
• Additional certifications valued: CISSP, CCSP, AWS Security Specialty, CISM