Associate Manager Technology Risk & Compliance

Role - Associate Manager - IT Audit Compliance

Roles and Responsibilities: -

Maintenance:

- Ensure Review of policies and procedures on a periodic basis or whenever there is change and place it for Management approvals to board on a timely fashion

- Preparation of architectural diagrams and technical documentations for audit and regulatory purposes along with stakeholders and consultants

- Ensure the Business Impact Assessment of new businesses, applications etc.

- Ensure Risk assessments for all IT assets and processes periodically and ensure RA/ RT is in place.

- Run project management for implementation of various security controls by liaising with different teams.

- Renewal of certifications on time (ISO 27001 and PCI DSS)

- Review all merchant and IT vendor contracts for clauses w.r.t information security and regulatory requirements

Monitoring and Guidance:

- Exception management, review (periodic) controls, analyse and make appropriate recommendation

- Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.

- Provide guidance to stakeholders on Periodic updates to BCP strategy, liaising with teams to perform drills etc. Guide team members on planning Phishing and other information security drills

- Evaluation of vendors, review of internal tool reviews for SRE /Engg. teams /PhonePe functions from Data security angle

Regulatory and Compliance audits:

- Interpret IT control requirements from regulatory guidelines and circulars and prepare a detailed framework for implementation and Advisory on implementation of information security controls

- Ensure that IT regulatory requirements are tracked and continuously monitored.

- Plan audit calendars and schedule the same.

- Manage all internal and external audits related to IT and Non IT .

- Plan and Overseeing all IT audits (including CISA (PPI) ,RBI/ ReBIT Audit, ISNP ; CIS (insurance), PCI DSS, System Audits, partner bank audits, ISO 27k ,Stat audits ,NPCI audits etc.

- Fore fronting all the audits and act as POC for all escalations for any audit related activities

- Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc.

- Support management to provide audit finding responses, implementation of controls as per audit recommendations etc and ensure all IT audit observations are taken to closure

Must Haves -

- 4 to 6 years of work experience, BE / relevant experience in Group 4 consultancies, or likes of Group 4 . CISA / DISA / CIA preferred.

- Has high ethical standards and are able to work diligently to complete your duties.

- Has an analytical mind able to see the complexities of procedures and regulations.

- Demonstrate the ability to plan and execute projects with minimal management support.

- Should be an Immediate Joiner

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)

Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental

Insurance, Life Insurance

Wellness Program - Employee Assistance Program, Onsite Medical Center,

Emergency Support System

Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance

Program, Day-care Support Program

Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy

Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS,

Leave Encashment

Other Benefits - Higher Education Assistance, Car Lease, Mobile Broadband

Reimbursements, Salary Advance Policy

Working at PhonePe is a rewarding experience! Great people, a work environment that

thrives on creativity, and the opportunity to take on roles beyond a defined job description

are just some of the reasons you should work with us. Read more about PhonePe on our

blog.