Policy Governance & Compliance - Head
Posted on Friday, May 12, 2023
About Paytm Payments Bank
Paytm Payments Bank is an Indian payments bank, founded in 2015 and headquartered in Noida. In the same year, it received the license to run a payments bank from the Reserve Bank of India and was launched in November 2017. In 2021, the bank received a scheduled bank status from the RBI.
Paytm Payments Bank has over 300 million wallets and 30 million bank accounts, and we are leading the digital revolution and financial inclusion in India.
Be it a zero balance savings account, spend analytics, digital passbook, virtual debit card, fixed deposit or money transfer, every feature has been thoughtfully created by Paytm Payments Bank to empower unbanked and underbanked Indians.
We have hired the best in class talent across teams in Tech & Product, Business teams, Control functions like Risk, Compliance, Internal Audit and Infosec and Enabling functions like Finance, HR, Customer Service, Legal and Operations.
About the role:
The Head – Infosec Policy, Governance & Regulatory Compliance provides senior leadership and direction to all security GRC-related initiatives. In addition to providing strategic input to the bank's security strategy and roadmap, the position is hands-on and requires tactical management of the security GRC processes, frameworks, and tools, working with a team of security professionals. The position also requires in-depth knowledge of the regulations (e.g. RBI, NPCI, UIDAI) and security best practices (e.g. NIST, ISO, PCI) applicable to the financial industry.
The ideal candidate is a leader of people and provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals. Furthermore, the Head – Infosec Policy, Governance & Regulatory Compliance is a strong collaborator with the CISO, all the security team members, and across the organization.
1. Act as the main point of contact for the design and deployment of the security policy, governance & compliance framework
2. Partner with all team members in the CISO's organization to build an integrated end-to-end security policy and governance framework that provides a "one-stop shop" for all security activities and controls
3. Manage all security policies, standards, procedures, and guidelines, and any related GRC issues with stakeholders, including the management of exceptions to policies and standards
4. Ensure infosec controls are in place and working as they should
5. Ensure policies, standards, procedures, and guidelines are updated to reflect changes in the business and IT environment
6. Ensure client, regulatory, and internal requirements are being met consistently and cost-effectively
7. Automate and streamline all processes related to managing the bank's security policy, governance & compliance framework
8. Provide multi-level reporting to all stakeholders in the bank: executives, business leads, technology teams, audit and regulatory representatives
9. Manage all security assessments required internally or externally, including the consulting firms and/or contractors engaged to support such assessments
10. Build partnerships across the organization in all disciplines (audit, legal, information technology, finance, business operations, risk management, etc.) to ensure the security governance program is aligned with business objectives and requirements
11. Develop an audit engagement model and a regulatory engagement model
12. Manage the security awareness program throughout the bank
13. Educate end-users and IT staff in security threats, risks, policies, and security best practices
14. Define end-user responsibilities in safe and secure computing
Key Skills needed (Behavioral and functional)
1. Contribute to the design and implementation of an information/cyber security policy, governance & compliance framework that provides regular metrics and statistics about information security to the CISO and other key stakeholders throughout the bank.
2. Manage and periodically review information security best practices, minimum baseline security requirements, information security policy violations and exceptions, risk registers, RCSA, etc.
3. Prepare annual detailed plans for security reviews/audits and any other security compliance tasks required internally or externally.
4. Well versed in the RBI Cyber Security Framework and Digital Payment Security standards.
5. Knowledge of infosec regulatory and compliance requirements from multiple regulators (e.g. RBI, NPCI, UIDAI).
6. Information Security Awareness related tools and technologies.
Qualification & Experience
1. 10-15 years' demonstrable experience in managing security policy, governance & regulatory compliance, security project management, security policy management, and other security practices
2. Hands-on experience with designing, implementing and managing security GRC programs
3. Good understanding of Industry best practices such as NIST, COBIT, ITIL and ISO 27001 & PCI standards
4. Result-oriented, with the ability to deliver under tight timelines
5. Excellent communication and collaboration skills
6. Strong analytical skills, problem solving skills, and project/program management skills
7. Desire to learn about new and emerging technologies and continuous upskilling
8. Must be comfortable with navigating ambiguity to extract meaningful risk insights.