Lead - Tech and Security Risk

Gurgaon, India /
Payments India - Risk /
Full-time
About PayU 
PayU, a leading payment and Fintech company in 50+ high-growth markets throughout Asia, Central and Eastern Europe, Latin America, the Middle East and Africa, and part of Prosus group, one of the largest technology investors in the world, is redefining the way people buy and sell online for our 300.000+ merchants and millions of consumers.

As a leading online payment service provider, we deploy more than 400 payment methods and PCI-certified platforms to process approximately 6 million payments every single day. 

Role: Lead - Tech and Security Risk
Location: Gurgaon
 
About the Role:
The individual will be responsible for leading the Tech and Security risk practice, reporting to the Head of Risk and Audit. The role will be a broader part of the Enterprise risk program for PayU payment Pvt. Ltd. in India. In addition to the Payment business, this role also supports the Risk program for other businesses including Wibmo and Neo banking.
About the team:
The Risk and Audit team of PayU Payments in India is responsible for overall Enterprise risk governance for PayU entities including Payment, Wibmo and Neo banking. The team also partners with the Prosus Audit team to ensure effective Audit governance for the respective entities in India.
Excited yet? Continue reading to find out more about the role:
What you’ll be doing:
The Risk & Internal Audit team is looking for a candidate to work with the India team in governance & audit of the technology risk environment. The technology risk will broadly cover 6 domains: IT Risk Management, Security (Infosec & IT security), Privacy, BCM – ITDR, Tech Compliance against various industry regulations & Program Governance.
Key Responsibilities
Independently lead the Tech risk management program and identify control expectations with primary focus on technology and information security processes/applications.
Manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting to the Risk committee of performance against these statements.
Oversee and guide cyber risk mitigation projects and controls improvement initiatives
Assess the effectiveness of processes and internal controls implemented by the first line and infrastructure functions through a programme of sampling to evaluate their quality and associated documentation, and provide feedback for action.
Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk and contribute to regulatory enquiries on the same.
Oversee the identification, assessment, processing, analysis, and reporting of tactical and strategic threat intelligence to assist in decision making and actively thwart emergent and current threats targeting our organisation.
Manage stakeholders effectively and work collaboratively with other assurance functions (Internal Audit, Compliance Monitoring and other risk assurance teams), as well as the first line embedded risk and control teams, to support the maintenance of a robust integrated control framework.
Work closely with existing IT, security and business functions as well as collaborate with third parties and business partners, both to receive input and to provide practical and actionable intelligence.
Create excellent working relationships with stakeholders at functional levels.
Contribute to the continuous improvement of the Technology Risk function.
Provide subject matter consulting regarding technology risk management to lines of business/control groups
The individual will assist in evaluating the adequacy and effectiveness of technology controls across the organisation, focusing on the domains below:
○ Identity & Access Management AM – Critical Systems
○ Secure Software Development Lifecycle
○ Privacy By Design for Critical Systems
○ Business Resiliency (BCP/IT DR)
○ Cyber Defense - Perimeter Security
○ PA/PG Regulation
○ PCI DSS
Create and maintain a library of technical controls that can be applied across the enterprise to mitigate risk
Obtain and review evidence of compliance for adherence to regulatory & security standards
Provide guidance and make recommendations to business units regarding technical risk mitigation solutions

What are we looking for?
Master's degree or equivalent experience
Certified Individual with 12-15 years of relevant industry experience
CISA, CISSP, CISM, CRISC, CGEIT certification or related professional qualification
Experience of coaching and developing junior team members
Good experience in Application & Network Security controls including SSDLC & Privacy By Design
Good understanding of ITIL, ITGC, PCI DSS, ISO 27001, PA/PG control requirements
Strong leadership skills with exceptional communication and presence
An aptitude for working in a regulated environment and building risk and Audit by design
An ability to find solutions to complex and hard problems and turn incomplete, conflicting, or ambiguous inputs into solid action plans
The horsepower to work in an ambiguous, fast-paced environment and balance multiple priorities and workstreams

Added advantage:
Experience in Big 4 consulting firms 
Experience in Financial Fraud & Forensics Investigations
What we offer (Standard)
● A positive, get-things-done workplace
● A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this)
● An inclusive environment that ensures we listen to a diverse range of voices when making decisions.
● Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale
● Access to 5000+ training courses accessible anytime/anywhere to support your growth and development (Corporate with top learning partners like Harvard, Coursera, Udacity)
About us:  
At PayU, we are a global fintech investor and our vision is to build a world without financial borders where everyone can prosper. We give people in high-growth markets the financial services and products they need to thrive. Our expertise in 18 high-growth markets enables us to extend the reach of financial services. This drives everything we do, from investing in technology entrepreneurs, to offering credit to underserved individuals, to helping merchants buy, sell and operate online. Being part of Prosus, one of the largest technology investors in the world, gives us the presence and expertise to make a real impact. Find out more at www.payu.com

Our Commitment To Building A Diverse And Inclusive Workforce 
As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive and safe environment for all of our people, communities and customers. Our leaders are committed to creating an inclusive work culture which enables transparency, flexibility and unbiased attention to each and every PayUneer so they can succeed, irrespective of gender, color or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice, whether towards a specific race or ethnicity, persons with disabilities, or the LGBTQ communities.