People on the move deserve a bank that moves with them. Since 2022, Aspora has been building a borderless financial operating system that makes money as mobile and transparent as its users.
We are backed by influential venture capitalists like Sequoia Capital, Greylock Partners, Hummingbird Ventures, Y Combinator and Global Founders Capital. We're a team of 75+ across India, the UK, the UAE, the EU and the US, working with extreme ownership, radical candour, and an obsession with customer impact.
We celebrate builders who question assumptions, ship fast, and turn regulatory complexity into elegant solutions. If you’re driven to redefine what global banking can be, we’d love to build the future with you.
We're seeking a hands-on Senior Information Security Architect to design and implement security controls for our regulated digital banking platform. This is a builder role requiring deep technical expertise in cloud security, data protection, and regulatory compliance. You'll architect defensible, auditable, and scalable security systems that balance protection with product velocity.
Design and implement zero-trust security architectures with clear boundaries, assuming breach scenarios and eliminating implicit trust
Build data protection systems including field-level encryption for PCI/PII data, cryptographic key management, and envelope encryption patterns
Architect hybrid cloud security for AWS-to-datacenter connectivity and vendor integrations with one-way trust models
Implement identity-first access controls with service-to-service authentication, zero standing production access, and time-bound sessions
Design SIEM and detection systems with logging strategies for legal evidence and correlation across identity, network, and application layers
Harden and maintain next-gen firewalls (Palo Alto, Fortinet) and their integration into our workloads, and set up security observability
Own end-to-end vulnerability management including asset discovery, risk assessment, remediation, and crisis response (Log4j-style zero-day scenarios)
Lead incident response and disaster recovery including DR drills, incident command, regulatory notifications, and post-incident validation
Establish strategic monitoring with prioritized log collection, alert management, and security telemetry
Partner with Application and Infrastructure teams to understand their SecOps requirements and support the implementation of security solutions
Identify security gaps and drive initiatives aligned with business goals to strengthen overall security posture
Balance security and product velocity through compensating controls, pragmatic risk acceptance, and documented tradeoff decisions
Demonstrate scaling awareness by identifying architectural breaking points before they fail and designing for 10× organizational growth
7+ years in production AWS security for regulated or financial services environments
Proven PCI-DSS or financial regulatory compliance implementation experience
Hands-on incident response and DR drill leadership with real production scenarios
Startup or high-growth environment experience where you've built security programs from the ground up
Deep expertise in encryption architecture, key management systems, and cryptographic controls
ISO 27001 Lead Implementer or Lead Auditor
PCI-DSS (QSA, ISA, or P2PE certification)
Additional certifications valued: CISSP, CCSP, AWS Security Specialty, CISM