Principal Security Architect • Risk & Infosec

Experience: 8-12 years

What You’ll Do:

• Develop and execute a holistic application and cloud security strategy aligned with industry best practices and regulatory requirements.
• Lead a team of security professionals responsible for assessing, testing, and securing our applications and cloud environments.
• Collaborate closely with software development and cloud engineering teams to embed security into the development and deployment lifecycle (DevSecOps), including secure coding practices, vulnerability assessments, and cloud security controls.
• Lead security reviews and audits of our systems, networks, and applications.
• Provide strategic guidance and recommendations to executive leadership on security investments, priorities, and initiatives.
• Serve as a subject matter expert and advisor to executive leadership on application and cloud security matters communicating security risks and strategies effectively.
• Conduct regular risk assessments and security audits of our application and cloud infrastructure, identifying vulnerabilities and recommending remediation measures.
• Oversee the implementation and management of security controls and technologies to protect against internal and external threats targeting our applications and cloud services.
• Provide guidance and support to project teams in implementing secure cloud architectures and ensuring compliance with security policies and standards.
• Stay abreast of emerging threats and security trends in application and cloud security, proactively adapting security measures to mitigate risks.
• Implement and manage security controls, technologies, and best practices to protect against internal and external threats targeting applications and cloud services.
• Ensure compliance with security policies, standards, and regulatory requirements related to application and cloud security.

What you need to have?

• Bachelor's / master’s degree in computer science, Information Security, or a related field; advanced degree preferred.
• Proven experience (7+ years out of 12+ years) in a senior leadership role within application and cloud security, with a strong background in implementing effective security strategies across diverse environments.
• Deep understanding of cloud technologies (e.g., AWS, Azure, GCP) and cloud security best practices.
• Strong knowledge of software development methodologies and secure coding principles, with experience in DevSecOps practices and tools as follows [ Gitleaks, SonarQube, Dependnecy Track, Terrascan, OWASP ZAP, Mobsf, Defect Dojo and RHACS ]
• Experience of Threat Modelling against any 1 or multiple of the following standards: Stride, Dread, Pasta and Attack Trees for Cloud, API, Mobile Application are preferred.
• Expertise and deep understanding on CNAPP [ CPSM, CWPP, CIEM].
• Expertise in Vulnerability life cycle related with PCI DSS, PCI 3DS and SOC2 etc
• Deep understanding and hands on Fortify, Tenable and Burp Suite preferred.
• Expertise in industry standards and frameworks related to application and cloud security (e.g., OWASP, CIS Benchmarks, CSA Cloud Controls Matrix).
• Experience leading and managing a team of security professionals, fostering a culture of collaboration and continuous improvement.
• Excellent communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels of the organization.
• Relevant certifications (e.g., CISSP, CCSP, CISM) preferred.
• Proven track record of driving security initiatives and achieving measurable outcomes in a complex and dynamic environment.

Who We Are: Home(m2pfintech.com)

Founded in the year 2014 and headquartered in Chennai, M2P Fintech is Asia’s largest API infrastructure company offering a wide gamut of services that enable businesses of any scale to embed financial services.

M2P Fintech is an omni-channel platform that operates in over 20 markets across the Asia Pacific, MENA, and Oceania regions. M2P works with over 100+ banks, 100+ NBFCs, and has clocked over 600+ Fintech engagements across various industries serving over 35 million end users.

M2P pioneers in next-gen fintech through innovative offerings across the payments, lending, and banking ecosystem. Our comprehensive tech-stack powers the core banking system, core lending suite, BNPL, customized credit cards, prepaid cards, and much more.

M2P is backed by reputed investors – fintech industry veterans (such as Amrish Rau – PayU, Kunal Shah – CRED, Jitendra Gupta – Jupiter, etc) as well as reputed international venture capital funds (such as Insight Partners, MUFG, Tiger Global, Beenext, Flourish Ventures and Omidyar Network).

Why Join Us:

We are a Fun bunch to be with..!

1. People First Culture
2. People Friendly Guidelines
3. Equal Opportunity Organization
4. Better Half Program
5. Buddy Referral Program
6. Health & Wellness Programs
7. Comprehensive Medical Insurance for dependents including parents
8. Tax Saving Structure
9. ESOPs
10. Sports Clubs & Fun Committees
11. Office Libraries
12. Snack Pantries