
Cyber Security - GRC - General Manager

Noida, Mumbai, Bangalore | Maharashtra | India | Asia | April 26, 2024

Title: Role – GRC (Governance Risk and Compliance) - General Manager

About Us:
Paytm is India’s leading digital payments and financial services company, which is focused on driving consumers and merchants to its platform by offering them a variety of payment use cases. Paytm provides consumers with services like utility payments and money transfers, while empowering them to pay via Paytm Payment Instruments (PPI) like Paytm Wallet, Paytm UPI, Paytm Payments Bank Netbanking, Paytm FASTag and Paytm Postpaid - Buy Now, Pay Later. To merchants, Paytm offers acquiring devices like Soundbox, EDC, QR and Payment Gateway where payment aggregation is done through PPI and also other banks’ financial instruments. To further enhance merchants’ business, Paytm offers merchants commerce services through advertising and Paytm Mini app store. Operating on this platform leverage, the company then offers credit services such as merchant loans, personal loans and BNPL, sourced by its financial partners.

About the team:
The fintech revolution in the industry is driving change at an exciting pace, creating an interconnected world. The resulting pervasiveness of cyber brings both new business opportunities and new cyber threats. The Paytm Cyber Security team is on a fast-paced journey to fortify the cyber security posture and strengthen the security controls by shifting security left. From securing our crown jewels to strict adherence to regulatory and compliance requirements, our commitment is to make Paytm one of the safest business applications with world-class security in place.

About the role:
As a GRC, you will be responsible for Security Governance, Data Privacy, Risk Management and Compliance. We’re looking for someone with a strong cyber security & GRC background, with good interpersonal skills. The candidate must have experience with ISMS and/or ISO27001, SOC & PCI DSS compliance programs working with cross functions.
Audit experience would be advantageous, as the role interfaces with internal and external audits along with the design and review of policy and procedure documents. Security Consulting experience would be preferred for this role.

Expectations/Requirements:
15+ years’ experience

The role encompasses the following 5 core responsibilities:
● Risk Management
● Quality & Compliance (including Operations, Programme/Product and Project support)
● Independent Business monitoring (Risk Perspective)
● Audit Support
● Information Policy Formation
● GRC Consulting

Risk Management
● Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business Unit, using Smart Controls assessments
● Facilitate risk identification and risk discussions within the Business Unit, covering operational risk, product/project risk and strategic risk
● Assist Tech Business Unit management to make risk-informed decisions through a comprehensive Risk Dashboard
● Raise and approve (where necessary) Policy Exceptions and significant Risks
● Input into, review and enforce compliance within Tech Policies and Standards as required within the Business Unit
● Ensure emerging risks are identified and escalated appropriately and in a timely manner
● Perform GRC requirements within the third party framework
● Support Product owners in the management of their project risks, ensuring the risk identification process is embedded and operational
● Ensure awareness of the Computer Security Incident Response (CSIR) process and report suspected security breaches
● Partner with other tech & business verticals and Security staff to deliver a continuous training and education programme to ensure ongoing awareness of new and updated Policies and Standards within their Business Unit

Governance Risk & Compliance
● Contribute to maintenance of the Business Unit delivery and operational frameworks (activities, deliverables, roles and responsibilities) and ensure alignment to ITMS
● Monitor deliverable quality and ensure quality standards are being met for products/projects, programmes or operations within their remit, following a risk-based approach, according to ITMS, Smart Controls assessments, local SOPs and project PQPs
● Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders
● Ensure Business Unit activities align with Regulatory requirements and liaise with Business Groups to contribute to the overall assessment validation security status of the business-facing application systems or services
● Contribute to ensuring the Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management programme
● Quality assurance over the system change control within the Business Unit
● Support Tech & Product teams to maximise their velocity by right-sizing their governance approach

Management Monitoring/Independent Business monitoring (MM/IBM)
● Execute relevant self-inspection programmes within remit through Management monitoring and Independent Business monitoring where required
● Support implementation of relevant Management monitoring programmes in the Business Unit for processes not owned by TSR GRC
● Partner with other security staff and other teams to design a management monitoring and independent business controls monitoring schedule
● Deliver periodic compliance dashboard
● Provide interpretation and results updates at Business meeting

Audit Support
● Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business
● Report status on CAPAs to Business Unit RMCB

Information Policy Formation
● Work with the lead/Controls owners and DevOps team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and regulatory requirements
● Support reviews of the information systems for compliance with legislation and specify any required changes within their Business Unit
● Support the Tech & product team to implement policies, standards and procedures with aligned Tech Business

GRC Consulting
● Support various GRC planned or remediation activities consulting with Tech BU staff to deliver

We are looking for professionals with these skills to achieve our goals. If you have them, we would like to speak to you.
● Information Technology Graduate or similar
● 12+ years’ experience in a combination of Risk Management, Quality Assurance and Compliance function in a Pharmaceutical environment
● Demonstrable experience of successfully managing Assurance or operational activities within a Business Unit
● Current knowledge of how ERP solutions support business processes to that business unit
● Strong understanding of the regulatory trends in the Pharmaceutical industry is foundational to success in this role
● Proven management experience of cross-functional teams located globally
● Certifications - CIRC or CISA (any of them)
● Proven line management experience in prior roles, if role requires line management
● Awareness of the regulatory trends within the Pharmaceutical industry
● Understanding of ITMS, Smart Controls and how a business unit deploys this methodology
● Experience of operating in an international environment with tact, diplomacy and cultural sensitivity
● Experience in interpreting policies, procedures and processes for ensuring compliance with risk management programs
● Knowledge of Tech Support processes, such as ITIL
● Good knowledge of Software Quality Assurance
● Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations
● Understanding of Agile, Kanban and Scrum basics
● Learning agility, including participating in #godigital learning and ensuring they keep up to date with GRC and Security trainings
● Good understanding of emerging technology risks, e.g. cloud (SaaS, PaaS and IaaS), Automation etc.
● Knowledge of a combination of the following:
  Cyber – NIST, CSA
  Privacy – EDPB guidelines (Data Protection by Design and by Default)

Superpowers/Skills that will help you succeed in this role
● High level of drive, initiative and self-motivation
● Ability to take internal and external stakeholders along
● Understanding of Technology and User Experience
● Love for simplifying
● Growth Mindset
● Willingness to experiment and improve continuously

Why join us
· Because you get an opportunity to make a difference, and have a great time doing that.
· You are challenged and encouraged here to do stuff that is meaningful for you and for those we serve.
· You should work with us if you think seriously about what technology can do for people.
· We are successful, and our successes are rooted in our people's collective energy and unwavering focus on the customer, and that's how it will always be.

Compensation:
If you are the right fit, we believe in creating wealth for you. With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!
