Associate Manager- IT Compliance

The job overview for this position is not clearly labeled, but it appears to be the paragraph that begins with "To monitor and maintain the compliance of PhonePe's operations and business with respect to the guidelines provided by the regulatory bodies, internal policies and relevant security standards." The role involves maintaining PhonePe's information security framework and policies, staying up-to-date on regulatory requirements, identifying compliance KPIs, facilitating reviews and audits, and conducting trainings and awareness sessions. The ideal candidate will have 4-6 years of experience in information systems security and IT risk management, as well as strong communication and problem-solving skills.

• Diligently maintain PhonePe’s Information Security Framework and underlying policies, procedures, standards and guidelines.
• Stay updated on the current and upcoming regulatory requirements w.r.t to PhonePe’s business and ensure that appropriate controls and measures are in place to ensure compliance.
• Identify information security and regulatory compliance KPIs, periodically monitor, follow up and ensure fulfilment as per the requirement.
• Facilitate periodic reviews and audits as required engaging both internal business partners across the organization and external resources.
• Facilitate and support ISO certifications, CISA audits, PCI DSS, ITGC audits and ensure compliance.
• Meet security objectives as defined by chief information security officer in PhonePe’s security policies.
• Conduct trainings and awareness sessions. Create and circulate mailers, posters, blogs etc for information security periodically.
• Independently gather information from developers, engineers and other technical team members, obtain a deep understanding of products and technical processes.
• Create/ update comprehensive technical documentation (procedure manuals, policies, process documents and technical specifications) in simple, polished and engaging content.
• Prepare RFPs (Request for Proposal) and software requirement specifications for engineering and information security team.

• Diligently maintain PhonePe’s Information Security Framework and underlying policies, procedures, standards and guidelines.
• Stay updated on the current and upcoming regulatory requirements w.r.t to PhonePe’s business and ensure that appropriate controls and measures are in place to ensure compliance.
• Identify information security and regulatory compliance KPIs, periodically monitor, follow up and ensure fulfilment as per the requirement.
• Facilitate periodic reviews and audits as required engaging both internal business partners across the organization and external resources.
• Facilitate and support ISO certifications, CISA audits, PCI DSS, ITGC audits and ensure compliance.
• Meet security objectives as defined by chief information security officer in PhonePe’s security policies.
• Conduct trainings and awareness sessions. Create and circulate mailers, posters, blogs etc for information security periodically.
• Independently gather information from developers, engineers and other technical team members, obtain a deep understanding of products and technical processes.
• Create/ update comprehensive technical documentation (procedure manuals, policies, process documents and technical specifications) in simple, polished and engaging content.
• Prepare RFPs (Request for Proposal) and software requirement specifications for engineering and information security team.
• Experience of 4-6 years in information systems security, ITGC and IT risk management.
• Working knowledge of security domains such as logical and physical access, SDLC, change management, network security and vulnerability management.
• Effective communication and problem-solving skills.
• Strong interpersonal skills, proactive and team-oriented player.
• Security certifications such as ISO 27001:2013 Lead Implementer or ISO 27001:2013 Lead Auditor, CISA, CISSP (preferred).