
GRC Professional (PCI DSS Compliance and Risk Management)

Paytm

Legal
Noida, Uttar Pradesh, India
Posted on Dec 20, 2024
About Us:
Paytm is India's leading mobile payments and financial services distribution company. A pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm's mission is to serve half a billion Indians and bring them into the mainstream economy with the help of technology.
Experience: 5-10 years
Industry: Fintech/Payments
Job Summary:
We seek a seasoned GRC Professional with deep expertise in PCI DSS compliance and risk management. The successful candidate will oversee the design, implementation, and management of PCI DSS-compliant frameworks, ensuring secure and compliant payment operations. This role requires a thorough understanding of payment security, regulatory requirements, and risk mitigation strategies within the fintech industry.
Key Responsibilities:
PCI DSS Compliance:
Lead the organization's efforts to achieve and maintain PCI DSS certification, as well as PCI PIN, PCI S3 and PCI P2PE.
Develop, implement, and enforce policies and procedures to comply with PCI DSS requirements, including the 12 core domains (e.g., firewall configurations, encryption, secure system development).
Act as the primary liaison with Qualified Security Assessors (QSAs) and other auditors during compliance audits.
Conduct periodic PCI DSS gap analyses, audits, and readiness assessments to identify non-compliance areas and recommend corrective actions.
Ensure secure payment transaction processes across all environments (e.g., cardholder data environments, payment gateways, and point-of-sale systems).
Risk Management:
Identify, assess, and mitigate risks associated with payment security, focusing on cardholder data protection.
Implement risk treatment plans in alignment with PCI DSS risk management guidelines.
Monitor and report on key risk indicators (KRIs) for payment environments.
Ensure robust incident response planning, testing, and execution as per PCI DSS requirements.
Data Security:
Collaborate with IT and DevOps teams to ensure compliance with PCI DSS requirements for encryption, tokenization, and secure transmission of cardholder data.
Oversee the implementation and management of access control measures to restrict access to cardholder data based on business need-to-know.
Monitor logging and monitoring systems to detect and respond to potential security breaches, as required by PCI DSS Requirement 10.
Training and Awareness:
Develop and deliver PCI DSS compliance training for employees, focusing on secure handling of payment card data.
Promote a culture of payment security awareness across the organization.
Required Qualifications:
Education: Bachelor’s degree in IT, Cybersecurity, Risk Management, or related fields.
Certifications:
Mandatory: PCI Professional (PCIP) or PCI DSS Implementer.
Preferred: CISA, CISSP, or CISM.
Experience:
5-10 years in governance, risk, and compliance roles, with significant experience in PCI DSS compliance programs.
Proven track record in managing audits and certification processes related to payment security.