Pine Labs
Pine Labs - Associate - Audit & Information Security (2-4 yrs)
posted 10d ago
Flexible timing
Importance of the role:
We are seeking a dedicated and skilled Associate - Audit and Infosec. At Setu, we believe that every company can become a fintech company.
Financial services is a highly regulated sector, which means our mission of being a bridge between regulated financial institutions (who we refer to as asset partners) and fast-growing technology companies (who we refer to as developers) comes with a significant set of responsibilities, including in the areas of audit and compliance. We aim to make the infrastructure of our asset partners easily available to third-party developers, so they can easily build innovative new financial products and services.
As a result, our asset partners (including some of India's largest private and public sector banks) have very high expectations when it comes to a partner like us, who have direct access to their technical infrastructure. This includes vendor audits and certifications at the start of a relationship, as well as continuing audits that happen on a set schedule. Any breach or compromise of our systems would cause serious business, reputational, and legal repercussions. All of this means that we take audits extremely seriously. At present, we have an ISO 27001 certification, and are compliant with the data localisation requirements, and intend to build on this base to complete more relevant certifications.
Your role will require you to work closely with the Audit & Compliance Manager, and, along with them, be the guardian of Setu's reputation as a dependable and responsible player in the eyes of our asset partners and regulators. You will help manage this while making sure the compliance requirements do not become a deterrent for the other teams in the organisation.
What will you do at Setu?
This role reports to the Audit & Compliance Lead, and your key objective will be to ensure that Setu's technical systems are secure from malicious actors and that we achieve and maintain the gold standard in audit and preparedness.
In this role, you will:
- Implement, maintain, and improve a best-in-class information security, risk & compliance management framework.
- This will cover Setu at both the company and individual product level - spanning across internal infrastructure and customer-facing elements.
- Help in managing and improving Setu's security, compliance, assessment, and penetration testing programs.
- Establish, in consultation with management, the level of risk Setu is willing to take in the normal course of business and ensure these are not breached.
- Work with your colleagues in Engineering, Customer Success, and elsewhere to improve security compliance and reduce risks.
- Review and update security policies and standards regularly to keep pace with new threats and changing industry practices based on security and compliance requirements.
- Monitor internal and external security advisories that impact security, risk, and compliance requirements.
- Plan, prepare for, and conduct process-led internal, external, and vendor audits.
- Work with our partners (including asset partners) to efficiently complete vendor audits and other external audits required for a partnership to go live.
- Ensure that Setu achieves and maintains relevant certifications such as ISO 27001:2013, SOC2 Type 2, Data localisation and other relevant certifications, and proactively recommend and plan for new certifications/audits that will be helpful for Setu from a business and technical perspective.
- Coordinate regular internal system and network audits, reviews, and tests to verify compliance with security policies and standards.
Who is the right fit for this role?
To excel in this role you will need:
- You've done this before: Minimum 2-4 years of prior experience in managing all aspects of audit and compliance outlined above, at a fintech or a regulated financial institution. You should have specific experience with frameworks such as ISO 27001:2013 and PCI DSS, and have completed bank/financial institution vendor and technical audits in the past.
- You are both patient and detail-oriented: Errors lead to rework, which can lead to a loss of time, effort, and capital. You will be the last line of defence. Once the audit and compliance team approves something, that means it's bulletproof. At the same time, we work with large financial institutions that may have legacy infrastructure and a lot of bureaucracy. You will have to be patient in dealing with stakeholders, and smart in how you manage timelines and expectations.
- Process is your religion: You live and breathe processes. You're the type of person who enjoys thinking of and implementing processes that can streamline complex and intricate handovers.
- You understand how to bring accountability into your processes: Checklists, TATs, and sanity checks. You are obsessed with creating accountability in your processes. Any exception, no matter how small, must be dealt with systematically.
- You know the tools of the trade: You are well versed in the prevalent tools that are used in this domain.
- You value intelligent automation: Since throwing bodies at the problem is not an option.
Why Setu?
We will spare no efforts to ensure that Setu empowers you to do the most important and impactful work of your career:
- Opportunity to work closely with the founding team who built and scaled public infrastructure such as UPI, GST, Aadhaar, etc.
We care deeply about your growth. So we work hard to provide you with:
- A fully stocked library and unlimited book budget.
- Tickets to conferences and industry events.
- Learning sessions where we invite both team members and external experts to teach you something new.
- Learning and development allowance that gives access to subscriptions, courses, certifications, music classes, and much more. Grow, learn, and improve with Setu!
- Kick-ass benefits including comprehensive health insurance for you and your family, personal accident and term life insurance, access to mental health counsellors, extraordinary coffee, and a beautiful office with lots of solid wood and natural light.
- We work hard to make sure our team is diverse and varied. We interview and hire purely on merit, skill, and competence; everything else is irrelevant.
Our core DNA
Our culture code, How We Move, defines the behaviours we expect from our people. When you display any of the six culture code elements, you demonstrate 'Every Day is Game Day'. The six elements of our culture code:
- Take the shot: You decide fast and deliver right.
- Sign your work like an artist: You master what you do and take pride in it.
- Be the sherpa: You lead your crew on every expedition.
- Be the CEO of what you do: You own it and make things happen.
- Care with tough love: You empower others with trust, respect, and openness.
- Own tomorrow: You innovate for the customer and beyond.
Join us if you want to be part of a company that's building infrastructure that will directly impact financial inclusion and improve millions of lives. No cashbacks, no growth-hacks, no gimmicks. Just an audacious mission, and an obsession with craftsmanship in code.
Functional Areas: Other