Compliance Engineer

Razorpay was founded by Shashank Kumar and Harshil Mathur in 2014. Razorpay is building a new-age digital banking hub (Neobank) for businesses in India with the mission is to enable frictionless banking and payments experiences for businesses of all shapes and sizes. What started as a B2B payments company is processing billions of dollars of payments for lakhs of businesses across India. 

We are a full-stack financial services organisation, committed to helping Indian businesses with comprehensive and innovative payment and business banking solutions built over robust technology to address the entire length and breadth of the payment and banking journey for any business. Over the past year, we've disbursed loans worth millions of dollars in loans to thousands of businesses. In parallel, Razorpay is reimagining how businesses manage money by simplifying business banking (via Razorpay X) and enabling capital availability for businesses (via Razorpay Capital). 

The Role:

A Compliance Engineer  will contribute to the Plan, complete, report, and manage, program, follow-up, and ad-hoc internal audits for all areas of the business making recommendations and suggestions to staff, process owners, and the board of directors wherever applicable. Create, define and improvise processes and procedures as per industry standards and audit requirement

Roles and Responsibilities:

• Develop, implement and maintain internal audit policies and procedures in accordance with local regulations, legal requirements, PCI DSS and ISO 27001, and any other standard that the company opts to follow.
• Assist compliance manager to administer all processes and procedures and ensure working within the regulatory framework and develop and implement all policies and recommend ways to minimize risk.
• Keep current with legal and regulatory information relative to business operations Audit and monitor data, systems, and processes for compliance to policies and laws Contribute to planning and executing information security awareness programs Prepare for and participate in process-led internal, and external vendor audits, at planned intervals and to provide suitable reporting on whether the management systems conform to Legal and regulatory requirements Our own quality and information security management system requirements.
• The requirements of PCI-DSS Level 1, ISO 27001:2013 and GDPR: Follow up constantly with internal stakeholders in gathering required evidence and organize them in a folder structure at the defined location Identify if the management systems are effectively implemented and maintained Plan and complete ad-hoc audits as required (Vendor Audits).
• Produce reports for all audits undertaken identifying: Audit criteria and scope Deficiencies and non-conformities Corrective action required (after agreement with process owner) Those responsible Achievable target dates for follow-up audits Update and record the standard specific clauses and controls covered, post audit Monitor progress on corrective actions to ensure they are concluded without undue delay Assist in the preparation of new documented information as well as updates to current ones.
• Comply with legal and regulatory, contractual and business requirements

Mandatory Qualifications:

ISO 27001:2013 Internal Auditor (Good to have)

• Good understanding of the International Standards 
• Basic technical understanding of information security concepts 
• 3-5 years of experience in compliance-related activities 
• Good interpersonal skills
• Familiar with industry standards such as ITIL, PCI DSS, ISO 27001
• Self-starter and willing to roll up the sleeves and work with the team

Razorpay believes in and follows an equal employment opportunity policy that doesn't discriminate on gender, religion, sexual orientation, colour, nationality, age, etc. We welcome interests and applications from all groups and communities across the globe.
  Follow us on LinkedIn & Twitter