Lead - Tech and Security Risk
Gurgaon, India
Payments India - Risk
PayU, a leading payment and fintech company in 50+ high-growth markets throughout Asia, Central and Eastern Europe, Latin America, the Middle East and Africa, and part of the Prosus group, one of the largest technology investors in the world, is redefining the way people buy and sell online for our 300.000+ merchants and millions of consumers.
As a leading online payment service provider, we deploy more than 400 payment methods and PCI-certified platforms to process approximately 6 million payments every single day.
Role: Lead - Tech and Security Risk
About the Role:
The individual will be responsible for leading the Tech and Security risk practice and will report to the Head of Risk and Audit. The role will be a broader part of the Enterprise risk program for PayU payment Pvt. Ltd. in India. In addition to the Payment business, this role also supports the Risk program for other businesses, including Wibmo and Neo banking.
About the team:
The Risk and Audit team of PayU Payments in India is responsible for overall Enterprise risk governance for PayU entities including Payment, Wibmo and Neo banking. The team also partners with the Prosus Audit team to ensure effective Audit governance for the respective entities in India.
Excited yet? Continue reading to find out more about the role:
What you’ll be doing:
The Risk & Internal Audit team is looking for a candidate to work with the India team on governance and audit of the technology risk environment. Technology risk will broadly cover 6 domains: IT Risk Management, Security (Infosec & IT security), Privacy, BCM – ITDR, Tech Compliance against various industry regulations, and Program Governance.
Independently lead the Tech risk management program and identify control expectations, with a primary focus on technology and information security processes/applications.
Manage the risk appetite statements for technology and digital risks in relation to cyber, and report performance against these statements to the Risk committee.
Oversee and guide cyber risk mitigation projects and controls improvement initiatives.
Assess the effectiveness of processes and internal controls implemented by the first line and infrastructure functions through a programme of sampling to evaluate their quality and associated documentation, and provide feedback for action.
Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk and contribute to regulatory enquiries on the same.
Oversee the identification, assessment, processing, analysis, and reporting of tactical and strategic threat intelligence to assist in decision making and actively thwart emergent and current threats targeting our organisation.
Manage stakeholders effectively and work collaboratively with other assurance functions (Internal Audit, Compliance Monitoring and other risk assurance teams), as well as the first line embedded risk and control teams, to support the maintenance of a robust integrated control framework.
Work closely with existing IT, security and business functions as well as collaborate with third parties and business partners, both to receive input and to provide practical and actionable intelligence.
Create excellent working relationships with stakeholders at functional levels.
Contribute to the continuous improvement of the Technology Risk function.
Provide subject matter consulting regarding technology risk management to lines of business/control groups.
Assist in evaluating the adequacy and effectiveness of technology controls across the organisation, focusing on the domains below:
o Identity & Access Management AM – Critical Systems
o Secure Software Development Lifecycle
o Privacy By Design for Critical Systems
o Business Resiliency (BCP/IT DR)
o Cyber Defense - Perimeter Security
Create and maintain a library of technical controls that can be applied across the enterprise to mitigate risk.
Obtain and review evidence of compliance with regulatory and security standards.
Provide guidance and make recommendations to business units regarding technical risk mitigation solutions.
What are we looking for?
Master's degree or equivalent experience
Certified individual with 12-15 years of relevant industry experience
CISA, CISSP, CISM, CRISC, CGEIT certification or related professional qualification
Experience of coaching and developing junior team members
Good experience in Application & Network Security controls, including SSDLC & Privacy By Design
Good understanding of ITIL, ITGC, PCI DSS, ISO 27001 and PA/PG control requirements
Strong leadership skills with exceptional communication and presence
An aptitude for working in a regulated environment and building risk and audit by design
An ability to find solutions to complex and hard problems and turn incomplete, conflicting, or ambiguous inputs into solid action plans
The horsepower to work in an ambiguous, fast-paced environment and balance multiple priorities and workstreams
Experience in Big 4 consulting firms
Experience in Financial Fraud & Forensics Investigations
What we offer (Standard)
● A positive, get-things-done workplace
● A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this)
● An inclusive environment that ensures we listen to a diverse range of voices when making decisions.
● Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale
● Access to 5000+ training courses accessible anytime/anywhere to support your growth and development (Corporate with top learning partners like Harvard, Coursera, Udacity)
At PayU, we are a global fintech investor and our vision is to build a world without financial borders where everyone can prosper. We give people in high-growth markets the financial services and products they need to thrive. Our expertise in 18 high-growth markets enables us to extend the reach of financial services. This drives everything we do, from investing in technology entrepreneurs, to offering credit to underserved individuals, to helping merchants buy, sell and operate online. Being part of Prosus, one of the largest technology investors in the world, gives us the presence and expertise to make a real impact. Find out more at www.payu.com
Our Commitment To Building A Diverse And Inclusive Workforce
As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive and safe environment for all of our people, communities and customers. Our leaders are committed to creating an inclusive work culture which enables transparency, flexibility and unbiased attention to each and every PayUneer so they can succeed, irrespective of gender, color or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice, whether against a specific race or ethnicity, persons with disabilities, or the LGBTQ communities.