Manager- GRC

Gurugram, India
Payment – Payments India- Internal Audit /
Full-time /

Audit & Compliance Job Responsibilities

    • Merchants and Banks - >

    • Review InfoSec clauses in the agreement. Checking whether PayU can meet those.
    • Filling up Information Security Checklist or questionnaire during onboarding or on an annual 
    • basis.
    • Supporting Information Security Audit carried out by these Merchants and Banks.
    • Attending support calls along with other teams. Provide InfoSec perspective.
    • Responding to day-to-day queries.
    • Sharing security reports with these entities upon request.

    • External Audits ->
    • Support various external audits including PCI DSS, ISO 27K, PA DSS, RBI (PSS, DL and SAR), ITGC 
    • etc...
    • • Setup meetings, gather evidence from team, review observations, communicate with various 
    • depts., follow-up with teams, maintain project plan etc...
    • • Ensure all observations are closed and PayU is compliant to applicable requirements.
    • • Preparing RFP and shortlisting audit companies. Selection and Onboarding of the same. 

    • Internal Audits ->
    • Internal Audits are carried out by our parent company – Prosus.
    • Multiple audits are carried out throughout the year.
    • Support these types of audits.
    • Internal Team support call - >
    • Getting on call with Engineering, Sales, DevOps etc… to review new product or infra from 
    • InfoSec perspective.
    • Carrying out and tracking regular compliance activities - >
    • PCI DSS Compliance activities -> VAPT, Firewall Rule Review etc…
    • ISO Activities -> User Access Review, BCP/DR Drill Test
    • Annual Vendor Assessment through One Trust.
    • Annual InfoSec Risk Assessment

RBI Requirements -

    • Work on RBI PAPG requirements
    • Support Legal Team in meeting RBI InfoSec Requirements
    • Sending Cyber Security Notifications to Cyber Security, Network Ops and DevOps to meet the requirements.
    • Carry out SAR audit for various business and share report legal team which in turn will share with RBI.

Preparing Reports ->

    • Preparing Monthly Report ppt containing metrics for A&C Team.
    • Preparing quarterly ITSC (Information Technology Steering Committee Meetings) ppt. Scope 
    • A&C Team only.
    • Prepare list of Major risk that management must be aware of.
    • Sharing Ad-hoc data required with Pravin – Head of Audit & Compliance.