Manager - IT Compliance
Bengaluru
PhonePe
PhonePe is a Digital Wallet & Online Payment App that allows you to make instant Money Transfers with UPI. Recharge Mobile, DTH, Pay Utility Bills, Buy/Invest in Gold, Mutual Funds, Insurance & much more.
About PhonePe
PhonePe is India’s leading digital payments platform with over 280 million registered users. Using PhonePe, users can send and receive money, recharge mobile, DTH, data cards, pay at stores, make utility payments, buy gold, and make investments. PhonePe went live for customers in August 2016 and was the first non-banking UPI app and offered money transfer to individuals and merchants, recharges and bill payments to begin with. In 2017, PhonePe forayed into financial services with the launch of digital gold, providing users with a safe and convenient option to buy 24-karat gold securely on its platform. PhonePe has since launched Mutual Funds and Insurance products like tax-saving funds, liquid funds, international travel insurance, Corona Care, a dedicated insurance product for the COVID-19 pandemic among others.
PhonePe launched its Switch platform in 2018, and today its customers can place orders on over 300 apps including Ola, Myntra, IRCTC, Goibibo, RedBus, Oyo etc. directly from within the PhonePe mobile app. PhonePe is accepted at over 18 million merchant outlets across 500 cities nationally.
Culture
At PhonePe, we take extra care to make sure you give your best at work, every day! And creating the right environment for you is just one of the things we do. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us!
Roles and Responsibilities:-
Maintenance:
• Ensure review of policies and procedures on a periodic basis or whenever there is a change, and place them for management approval to the board in a timely fashion
• Prepare architectural diagrams and technical documentation for audit and regulatory purposes along with stakeholders and consultants
• Ensure the Business Impact Assessment of new businesses, applications etc.
• Ensure risk assessments for all IT assets and processes periodically and ensure RA/RT is in place.
• Run project management for implementation of various security controls by liaising with different teams.
• Renew certifications on time (ISO and PCI DSS)
• Review all merchant and IT vendor contracts for clauses w.r.t. information security and regulatory requirements
Monitoring and Guidance:
• Exception management: review controls periodically, analyse and make appropriate recommendations
• Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.
• Provide guidance to stakeholders on periodic updates to BCP strategy, liaising with teams to perform drills etc. Guide team members on planning phishing and other information security drills
• Evaluation of vendors and review of internal tool reviews for SRE/Engg. teams/PhonePe functions from a data security angle
Regulatory and Compliance audits:
• Interpret IT control requirements from regulatory guidelines and circulars, prepare a detailed framework for implementation, and advise on implementation of information security controls
• Ensure that IT regulatory requirements are tracked and continuously monitored.
• Plan audit calendars and schedule the same
• Manage all internal and external audits related to IT and non-IT.
• Plan and oversee all IT audits (12 audits including CISA (PPI), RBI/ReBIT audit, CIS (insurance), PCI DSS, partner bank audits, ISO 27k, stat audits, NPCI audits etc.)
• Front all the audits and act as POC for all escalations for any audit-related activities
• Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc.
• Support management to provide audit finding responses, implementation of controls as per audit recommendations etc., and ensure all IT audit observations are taken to closure
Vendor Risk Management:
• Manage third-party risk assessment for all IT vendors, review the risk categorisation on a regular basis, evaluate the vendor security control inventory and ensure continuous evaluation of vendors
• Evaluate the review results of consultants and ascertain the adequacy of control testing.
• Evaluate IT vendors on their security posture before onboarding.
Role Requirements:-
• 7 to 9 years of work experience, BE / relevant experience in Group 4 consultancies, or likes of Group 4. CISA / DISA / CIA preferred for SM roles.
• Has high ethical standards and is able to work diligently to complete duties.
• Has an analytical mind able to “see” the complexities of procedures and regulations.
• Demonstrates the ability to plan and execute projects with minimal management support.
PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)
- Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
- Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
- Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
- Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
- Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment
- Other Benefits - Higher Education Assistance, Car Lease, Mobile & Broadband Reimbursements, Salary Advance Policy
Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog.
Tags: Audits, Banking, CIA, CISA, Compliance, ISO 27000, Monitoring, PCI DSS, Risk assessment, Risk management, Strategy
Perks/benefits: Career development, Flex hours, Medical leave, Parental leave, Relocation support, Startup environment, Team events, Wellness