InfoSec Lead- Data Team

Payment – Payments India - Engineering /
Full-time /
About PayU 
PayU, a leading payment and Fintech company in 50+ high-growth markets throughout Asia, Central and Eastern Europe, Latin America, the Middle East and Africa, part of Prosus group, one of the largest technology investors in the world is redefining the way people buy and sell online for our 300.000+ merchants and millions of consumers. 

As a leading online payment service provider, we deploy more than 400 payment methods and PCI-certified platforms to process approximately 6 million payments every single day. 

Thinking of becoming a PayUneer and you are curious to know more about us? Read more about the life in PayU here 

Roles & Responsibilities

    • Core
    • Implementing industry recommended Data Security practices in domains such as IT Risk and Security Governance, Security Awareness, Privacy and Data Protection, Cloud Security, Business Continuity, application security, Product security etc.
    • Define and maintain broad range Data Security Product and Capability Governance framework, by maintaining a broad understanding of infra products and their use
    • Scope, implement, and maintain compliance frameworks that caters to successfully passing relevant audits
    • Design of best fit, products-specific security controls to ensure contextualized data security controls. This incorporated different facets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations.
    • Coordinating & executing proactive information security consulting to business & cross functional technology teams covering Infrastructure Security, Resiliency, Data Security, Data Privacy, Network Architecture & Design, & User Access Management.

Vulnerability assessment, diagnosis, and resolution

    • Conduct security assessment of infrastructure end to end i.e from design to implementation and suggest improvement for enhanced security posture in line with business requirements.
    • Identify security gaps and suggest mitigating controls to minimize the associated risk to an acceptable level.
    • Implement, manage, and maintain information security and compliance in-line with formulated project plans / strategic and tactical alignment of resources.
    • Driving cloud security risk assessment and identify the gaps and define remediation approach by using right set of security controls to conclude the assessment.
    • Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including enterprise software solutions, cloud applications and mobile apps
    • Identify and recommend changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels and show ownership in following through implementation.


    • Scope and implement compliance frameworks like ISO 27001, SOC 2, PCI DSS, NIST Cyber Security Framework (CSF) from scratch.
    • Lead security audits in-line with industry accepted standards like PCI DSS, SOC2 Type2, ISO 27001, regulatory audits, Business continuity (ISO 22301).
    • Drives Strategic Product security efforts with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliance to the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).

Subject Matter Consulting and Strategy

    • Provide subject matter expert guidance on cybersecurity and product development topics.
    • Advise senior management and third-party service providers of emerging compliance issues and consults and guides the organization in the establishment of controls to mitigate risks.
    • Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
    • Prepare an RFP/RFI response in line with the client and business expectations for InfoSec related topics.
About us
At PayU, we are a global fintech investor and our vision is to build a world without financial borders where everyone can prosper. We give people in high-growth markets the financial services and products they need to thrive. Our expertise in 18 high-growth markets enables us to extend the reach of financial services. This drives everything we do, from investing in technology entrepreneurs, to offering credit to underserved individuals, to helping merchants buy, sell and operate online. Being part of Prosus, one of the largest technology investors in the world, gives us the presence and expertise to make a real impact. Find out more 

Our Commitment To Building A Diverse And Inclusive Workforce 
As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive and safe environment, for all of our people, communities and customers. Our leaders are committed to create an inclusive work culture which enables transparency, flexibility and unbiased attention to each and every PayUneer so they can succeed, irrespective of gender, color or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice whether a specific race, ethnicity, or of persons with disabilities or the LGBTQ communities.