The Basics:

Team: Engineering & Security

Experience: 8+ Years

Location: Mumbai- Andheri East

Introduction
$11 trillion of money flows every year between companies in India. It typically takes avg. 70 days for a business to get paid, and it’s increasing 5% every year, leading to a severe credit crunch in the economy

We are building India’s first AI-driven Finance & Accounting Company that transforms how businesses pay and get paid. CashFlo already processes INR 20,000+ Crores of invoices every month, across 300,000 MSMEs and 1200+ corporates.

Our leadership consists of ex-BCG and ISB / IIM / ICAI alumni with a team of industry veterans serving on the advisory board. We are backed by Elevation Capital (one of the most successful VCs in India, backer of Makemytrip, Swiggy, PayTM etc.) and General Catalyst ($30 Billion+ global fund, and early investors in Stripe, Airbnb etc.). We share our lineage with HCS, a 25 year old investment bank and a registered NBFC. We are a team of passionate problem solvers and we’re building a technology company with a strong product innovation mindset.

We are looking for someone who loves a challenge, is ambitious, super tenacious and persistent. S/he is a self-starter, thrives in a dynamic environment, has a knack for understanding customer needs, and is result-oriented. If you check these boxes - we want to talk to you!

What will a week look like in this role:

managing risk, owning and driving all applicable security certifications, and maintaining compliance with industry regulations. This role is pivotal in safeguarding CashFlo’s growing platform and the financial data of thousands of businesses.

Key Responsibilities

Define and execute the enterprise information security strategy, aligning it with business goals and regulatory requirements.

Architect the security posture end-to-end: policies, access controls, network security, application security, cloud infrastructure hardening, and data protection.

Own and drive all applicable security certifications (ISO 27001, SOC 2, etc.), including internal audits, risk treatment plans, and management reviews.

Lead risk assessments, vulnerability management, penetration testing programmes, and threat intelligence initiatives.

Build and manage the incident response framework — from detection and containment to forensics and post-incident reporting.

Oversee security architecture for cloud-native environments (AWS / GCP), ensuring secure CI/CD pipelines, container security, and infrastructure-as-code practices.

Collaborate with Engineering, Product, Legal, and Compliance teams to embed security into the SDLC and product development lifecycle.

Establish security awareness training and foster a security-first culture across the organisation.

Report security posture, risk metrics, and strategic initiatives to the CEO and board of directors.

Evaluate and manage relationships with third-party security vendors, auditors, and consultants.

Required Experience

8+ years of progressive experience in information security, cybersecurity, or IT risk management, with a significant portion in leadership roles.

Proven track record of building and managing security programmes in regulated environments (fintech, banking, NBFC, or financial services).

Qualifications

Degree in Computer Science, Information Security, Computer Engineering, or a related field.

Deep knowledge of cloud security (AWS / GCP / Azure), network security, application security (OWASP), and identity & access management.

Experience with security tooling: SIEM, IDS/IPS, DLP, endpoint protection, vulnerability scanners, and penetration testing frameworks.

Strong understanding of secure software development lifecycle (SSDLC) and DevSecOps practices.

Experience working in regulated environments with exposure to RBI guidelines, CERT-In directives, or equivalent regulatory frameworks.

Excellent communication skills — ability to translate technical risk into business language for executive and board-level stakeholders.

Preferred / Good to Have

Hands-on experience implementing and maintaining security frameworks such as ISO 27001:2024 (latest edition), SOC 2 Type II, or similar — from gap analysis through certification audit.

Industry certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor / Lead Implementer, or equivalent.

Familiarity with GDPR, DPDPA (India), and cross-border data protection regulations.

Background in threat modelling, red team / blue team exercises, and security operations centre (SOC) management.

Experience securing AI/ML pipelines and LLM-based applications.

Joining CashFlo - Why it’s a great choice:

Uniquely Positioned for Success: CashFlo sits at the unique intersection of Payments, Lending, and SaaS - three of the fastest-growing and most lucrative spaces globally and in India. As a part of our team, you will be a key player in an industry-defining company.

An Opportunity to Create Wealth: At CashFlo, we understand that our success is deeply linked with the success of our employees. That’s why we offer the potential to create exponential wealth through equity in our rapidly growing early-stage company. You will not only contribute to our growth story, but also share in the rewards.

A Collaborative and Driven Team: We pride ourselves on fostering a culture that encourages kindness, collaboration, and a shared commitment to quality. Our team members are always there to help each other, and we believe in lifting each other up. Your growth is our growth, and we succeed as a team.

Direct Impact on Company Success: At CashFlo, every role is crucial. Your work will have a real, tangible impact on our success. You’ll see the results of your hard work in real-time.

Fast-Track Your Career: We invest in our employees’ professional growth through comprehensive training programs, mentoring opportunities, and clear growth paths. Whether you aspire to grow as an individual contributor or on a management track, we provide the resources and support you need to accelerate your career.

Best-in-class Compensation and Benefits: We offer competitive compensation, with best-in-class incentive structures. We value the work you do, and our compensation package reflects our commitment to attracting and retaining the best talent.

Unwavering Commitment to Excellence: We are seeking individuals ready to dive into challenging work, individuals who are excited about going above and beyond to drive their own growth and the company’s. If you are motivated by ambitious goals and are ready to make a significant impact, CashFlo is the place for you.