Job Description

Roles and Responsibilities:-

External Audit Team is responsible for managing all external Compliance audits including CISA audits for various ongoing /new licenses, certifications including PCI DSS, ISO 27001 audits initiated by Partner banks, and regulatory inspection by regulators like RBI /ReBit/NPCI/IRDA etc.

• Manage all external audits : Plan,manage all IT audits including CISA (PPI) ,CISA (insurance), PCI ,DSS, partner bank audits, ISO 27k and non IT audits including RBI/ ReBIT Audit,NPCI review /IRDA audit etc.
• Fore fronting all the audits and act as POC for all escalations for any audit related activities
• Plan the audit calendar and schedule the audits for stakeholders
• Manage regulatory framework driven reviews conducted by external auditors /regulatory bodies
• Manage and train the team to handle architecture review, network/infra reviews, configuration audits, review of system controls (ITGC /ITAC controls), cloud infrastructure. Prepare and train team members to liaise with auditors to explain infosec posture, infosec org structure, physical /logical security, data center reviews, MSSP reviews, Soc reviews etc.
• Renewal of certifications on time. (ISO and PCI DSS)
• Review of policies and procedures on a periodic basis or whenever there is change and place it to Operational Compliance for approvals on a timely fashion
• Project management for implementation of security controls from audit corrective action plans by liaising with different teams.
• Responsible for performing risk assessments for all IT assets and processes periodically and ensuring RA/ RTP is in place. Manage and ensure the Business Impact Assessment of new businesses, applications etc.
• Interpret IT control requirements from regulatory guidelines and circulars and provide feedback from an audit perspective to the stakeholders
• Ensure that IT regulatory requirements are tracked and continuously monitored
• Provide status of audit findings, implementation of controls as per audit recommendations and ensure all audit observations are taken to closure
• Exception management, review (periodic) controls, analyze and make appropriate recommendation
• Provide Guidance to stakeholders on Periodic updation to BCP strategy, liaising with teams to perform drills etc.
• Vendor Risk Management/TPRM Process
• Manage Third party risk assessment for all IT vendors, review the risk categorization on a regular basis and evaluate the vendor security control inventory and ensure continuous evaluation of vendors
• Evaluate the review results of consultants and ascertain the adequacy of control testing.
• Evaluation of IT vendors on the security posture before onboarding and on an annual/periodic basis
• Collaborate with Infosec function and other relevant functions to ensure infosec controls within the organisation

Roles & Responsibilities

as above

Your Skills and experience

Your Experience and qualifications

Role Requirements:-

• CISA /DISA/CIA /IT Auditor
• Consulting experience, IT advisory service experience, IT consultants, experience in VAPT, cyber security etc
• 14 - 16 years of experience in relevant field in audit departments or Internal controls division, experience in conducting audits with Big4 or lead internal compliances or IT risk advisory functions for companies
• Standard specific compliance reviews and implementation experience in PCIDSS, ISO 27001,/ cobit/ISO 22301
• Reasonable conceptual understanding of information security framework like ISO 27001, IT act, RBI regulations, IRDA regulations, Sebi etc
• Project management skills
• Role requires deep technical knowhow and strong experience in guiding teams during external audits
• Compliance orientation coupled with business enablement mindset
• Collaborative approach to problem solving
• Strong understanding of IT/infosec controls and regulations of financial services products
• Ability to manage a team of 6-10 team members
• Delivers concise and effective communications with authority
• Highly adaptable in dynamic environments Integrity, capable of rigorous analytical approach and result oriented
• Flexible and stress resistant
• Ability to organize and prioritize
• Perseverance in the analysis of issues

Company Details

About Company

PhonePe

Company Information

PhonePe is India’s leading digital payments platform with over 280 million registered users. Using PhonePe, users can send and receive money, recharge mobile, DTH, data cards, pay at stores, make utility payments, buy gold, and make investments. PhonePe went live for customers in August 2016 and was the first non-banking UPI app and offered money transfer to individuals and merchants, recharges and bill payments to begin with. In 2017, PhonePe forayed into financial services with the launch of digital gold, providing users with a safe and convenient option to buy 24-karat gold securely on its platform. PhonePe has since launched Mutual Funds and Insurance products like tax-saving funds, liquid funds, international travel insurance, Corona Care, a dedicated insurance product for the COVID-19 pandemic among others.

PhonePe launched its Switch platform in 2018, and today its customers can place orders on over 300 apps including Ola, Myntra, IRCTC, Goibibo, RedBus, Oyo etc. directly from within the PhonePe mobile app. PhonePe is accepted at over 18 million merchant outlets across 500 cities nationally.

How to Apply

To check the email or link to apply for this job, just LOGIN using your Social Login below (No need to register separately)
NOTE: If you are using MOBILE and if you want to use GMAIL login through LINKEDIN Browser, then Google will not allow you to login and will give ERROR. You need to "Open Link in Browser" and then try to login.