Cyber Security - GRC - General Manager - Paytm Noida, Mumbai, Bangalore

Listing Description


 
 
Title: Role – GRC (Governance Risk and Compliance) - General Manager
 
About Us: Paytm is India’s leading digital payments and financial services company, which is focused on driving consumers and merchants to its platform by offering them a variety of payment use cases. Paytm provides consumers with services like utility payments and money transfers, while empowering them to pay via Paytm Payment Instruments (PPI) like Paytm Wallet, Paytm UPI, Paytm Payments Bank Netbanking, Paytm FASTag and Paytm Postpaid - Buy Now, Pay Later. To merchants, Paytm offers acquiring devices like Soundbox, EDC, QR and Payment Gateway where payment aggregation is done through PPI and also other banks’ financial instruments. To further enhance merchants’ business, Paytm offers merchants commerce services through advertising and Paytm Mini app store. Operating on this platform leverage, the company then offers credit services such as merchant loans, personal loans and BNPL, sourced by its financial partners.
 
About the team: The fintech revolution in the industry is driving change at an exciting pace - creating an interconnected world. The resulting pervasiveness of cyber brings both new business opportunities and new cyber threats. The Paytm Cyber Security team is on a fast-paced journey to fortify the cyber security posture and strengthen the security controls by shifting security left. From securing our crown jewels to strict adherence to regulatory and compliance requirements, our commitment is to make Paytm one of the safest business applications with world-class security in place.
 
About the role: As a GRC, you will be responsible for Security Governance, Data Privacy, Risk Management and Compliance.
We’re looking for someone with a strong cyber security & GRC background, with good interpersonal skills. The candidate must have experience with ISMS and/or ISO27001, SOC & PCI DSS compliance programs, working with cross functions. Audit experience would be advantageous, as the role would interface with internal and external audits along with the design and review of policy and procedure documents. Security Consulting experience would be preferred for this role.
Expectations/ Requirements
15+ Years’ experience
 The role encompasses the following 5 core responsibilities:
Risk Management
Quality & Compliance (including Operations, Programme/Product and Project support)
Independent Business monitoring (Risk Perspective)
Audit Support
Information Policy Formation
GRC Consulting
Risk Management
Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business unit, using Smart Controls assessments
Facilitate risk identification and risk discussions within the business unit, both operational risk, product/project and strategic risk
Assist Tech Business Unit management to make risk informed decisions through a comprehensive Risk Dashboard
Raise and approve (where necessary) Policy Exceptions and significant Risks
Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit
Ensure emerging risks are identified and escalated appropriately and in a timely manner
Perform GRC requirements within third party framework
Support Product owners in the management of their project risks, ensuring risk identification process is embedded and operational
Ensure awareness of Computer Security Incident Response (CSIR) process and report suspected security breach
Partner with other tech & business verticals and Security staff to deliver a continuous training and education programme to ensure ongoing awareness on new and updated Policies and Standards within their Business Unit.
Governance Risk & Compliance
Contribute to maintenance of the Business Unit delivery and operational frameworks (Activities, deliverables, roles and responsibilities) and ensure alignment to ITMS
Monitor deliverable quality, ensure quality standards are being met for products/ projects, programmes or operations within their remit, following a risk-based approach, according to ITMS, Smart Controls assessments, local SOPs and projects PQPs
Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders
Ensure Business Unit activities align with Regulatory requirements and liaise with Business Groups to contribute to the overall assessment validation security status of the business-facing application systems or services.
Contribute to ensuring Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management programme
Quality assurance over the system change control within the Business Unit
Supporting Tech & Product teams to maximise their velocity by right sizing their governance approach
Management Monitoring/Independent Business monitoring (MM/IBM)
Execute relevant self-inspection programmes within remit through Management monitoring and Independent Business monitoring where required
Support implementation of relevant Management monitoring programmes in Business Unit for processes not owned by TSR GRC
Partner with other security staff and other teams to design a management monitoring and independent business controls monitoring schedule. 
Deliver periodic compliance dashboard
Provide interpretation and results updates at Business meeting
Audit Support
Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business
Report status on CAPAs to Business Unit RMCB
Information Policy Formation
Work with the lead/Controls owners and DevOps team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and regulatory requirements.
Support reviews of the information systems for compliance with legislation and specify any required changes within their Business Unit
Support the Tech & product team to implement policies, standards and procedures with aligned Tech Business
GRC Consulting
Support various GRC planned or remediation activities consulting with Tech BU staff to deliver
We are looking for professionals with these skills to achieve our goals. If you have them, we would like to speak to you.
Information Technology Graduate or similar
12+ years’ experience in a combination of Risk Management, Quality Assurance and Compliance function in a Pharmaceutical environment.
Demonstrable experience of successfully managing Assurance or operational activities within a Business Unit
Current knowledge of how ERP solutions support business processes to that business unit
Strong understanding of the regulatory trends in the Pharmaceutical industry is foundational to success in this role
Proven management experience of cross functional teams located globally
Certifications - CIRC or CISA (any of them)
Proven line management experience in prior roles, if role requires line management
Awareness of the regulatory trends within the Pharmaceutical industry
Understanding of ITMS, Smart Controls and how a business unit deploys this methodology
Experience of operating in an international environment with tact, diplomacy and cultural sensitivity
Experience in interpreting policies, procedures and processes for ensuring compliance with risk management programs
Knowledge of Tech Support processes, such as ITIL
Good knowledge of Software Quality Assurance
Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations
Understanding of Agile, Kanban and Scrum basics
Learning agility, including participating in #godigital learning and ensuring they keep up to date with GRC and Security trainings
Good understanding of emerging technology risks, e.g. cloud (SaaS, PaaS and IaaS), Automation etc.
Knowledge of a combination of the following:
Cyber – NIST, CSA
Privacy – EDPB guidelines (Data Protection by Design and by Default)
 
Superpowers/ Skills that will help you succeed in this role
·       High level of drive, initiative and self-motivation
·       Ability to take internal and external stakeholders along
·       Understanding of Technology and User Experience
·       Love for simplifying
·       Growth Mindset
·       Willingness to experiment and improve continuously
 
Why join us
·       Because you get an opportunity to make a difference, and have a great time doing that.
·       You are challenged and encouraged here to do stuff that is meaningful for you and for those we serve.
·       You should work with us if you think seriously about what technology can do for people.
·       We are successful, and our successes are rooted in our people's collective energy and unwavering focus on the customer, and that's how it will always be.
 
Compensation: If you are the right fit, we believe in creating wealth for you
With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it. India’s largest digital lending story is brewing here. It’s your opportunity to be a part of the story!


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


