Job Overview
About the Role:The team:
The Information Security team is responsible for security controls relating to protecting information in all formats. We maintain a number of policies and an Information Security Management System which dictates how infosec is integrated into processes as well as tools and technical controls to directly protect against cyber security threats.
Responsibilities and impact:
We are seeking a dedicated and collaborative Information Security Engineer to join our growing Governance, Risk, and Compliance (GRC) team. In this role, you will play a pivotal part in maintaining, maturing, and auditing our information security management framework.
The ideal candidate has 3–5 years of direct experience within an InfoSec GRC function and thrives in a team-oriented environment. You will be responsible for ensuring our policies remain up-to-date, driving our ISO 27001 certification lifecycle, and executing core compliance operations like user access reviews, exception management, and security awareness programs.
Key Responsibilities
Governance & ISO 27001 Management
- ISMS Governance: Manage and maintain our ISO 27001 Information Security Management System (ISMS) to ensure continuous compliance.
- Audit Facilitation: Lead internal security audits and act as a point of contact for external certification audits.
- Policy Management: Regularly review, update, and draft information security policies, standards, and procedures to align with evolving regulatory landscapes and business needs.
GRC Operations & Risk Management
- Access Governance: Coordinate and oversee periodic user access reviews across critical systems.
- Exception Management: Evaluate, log, and monitor security policy exceptions, ensuring compensating controls are effectively implemented and tracked.
- Risk Culture: Administer the company-wide security awareness training program and orchestrate routine phishing simulations to strengthen our human firewall.
Collaboration & Communication
- Partner closely with cross-functional teams (IT, Legal, HR, and Engineering) to embed security compliance into daily operations.
- Translate complex compliance requirements into actionable, easy-to-understand guidance for non-technical stakeholders.
What we’re looking for:
Required Experience & Skills
- Experience: 3–5 years of proven experience specifically within an Information Security GRC role.
- ISO 27001 Expertise: Hands-on experience managing an ISO 27001 ISMS, including active participation in both internal and external certification audits.
- Core GRC Competencies: Direct experience executing user access reviews, phishing simulations, security training, and policy exception workflows.
- Communication: Exceptional verbal and written communication skills, with the ability to document clear policies and present findings to various business units.
- Soft Skills: A strong team player with a highly collaborative mindset, excellent problem-solving abilities, and a proactive approach to security culture.
Preferred Qualifications (Nice-to-Have)
- Relevant industry certifications (e.g., ISO 27001 Internal/Lead Auditor, CISA, CRISC, Security+, or CISM).
- Experience with the ISO 42001 AIMS standard.
- Experience utilizing GRC automation platforms/tools.
The location: Gurgaon, India
Our Benefits: Global vision, local impact
At OSTTRA, our benefits philosophy offers a market-competitive package that reflects our position as an industry leader. We want to ensure you feel valued, secure, and empowered wherever you are in the world.
Our approach is built on three core pillars:
- Global foundations: We provide a baseline of excellence across all our offices, focusing on comprehensive Health & Wellness, Financial Security, and Work-Life Balance. No matter your location, you are part of a culture that prioritizes your holistic well-being.
- Locally tailored: We benchmark in each market to ensure our packages are genuinely competitive where you live and work.
- Flexibility and growth: We empower you to work in a way that suits your life. This includes a hybrid working model, generous leave policies, and a commitment to your continuous professional development.
The Trust employee ownership plan
Every employee at OSTTRA is an owner, and a member of The Trust, our employee ownership programme. Our distinct culture encourages colleagues to think and act like owners and raise the bar constantly.
This plan reflects our belief that when we work together to build a stronger, more valuable organisation, then all colleagues should benefit from the value we create.
About OSTTRA
We build and operate the infrastructure that the world’s post-trade financial system runs on. Launched in 2021, we have unified more than 20 years of heritage and expertise from four industry leaders into a single, integrated business.
Today,we operate a trusted network that connects thousands of market participants to streamline end-to-end workflows, from trade capture through portfolio optimisation.We translate industry change into workable process, engineering an open, intelligent ecosystem that removes friction and reduces risk for the global markets.
Our distinct ownership culture is underpinned by four behaviours: boldness, curiosity, accountability, and collaboration. In 2025 we were acquired by KKR, one of the world’s most successful private equity firms, and are on a journey of growth and impact.
Joining our team now is a unique opportunity - you will help to shape the next generation of post-trade, transform shared infrastructure into shared benefit, and accelerate your own career. Learn more at www.osttra.com.
Equal opportunity employer statement at OSTTRA:
We are committed to fostering a connected and engaged workplace where all colleagues have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasise fairness, transparency, and merit, ensuring that we attract and retain the best talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive and operate the infrastructure that the world’s post-trade financial system runs on