Senior Compliance Engineer

Bangalore

Razorpay

Online Payments India: Start Accepting Payments Instantly with Razorpay's Payment suite, which Supports Netbanking, Credit card & Debit Cards, UPI, etc.


Razorpay was founded by Shashank Kumar and Harshil Mathur in 2014. Razorpay is building a new-age digital banking hub (Neobank) for businesses in India with the mission to enable frictionless banking and payments experiences for businesses of all shapes and sizes. What started as a B2B payments company is processing billions of dollars of payments for lakhs of businesses across India.

We are a full-stack financial services organisation, committed to helping Indian businesses with comprehensive and innovative payment and business banking solutions built over robust technology to address the entire length and breadth of the payment and banking journey for any business. Over the past year, we've disbursed loans worth millions of dollars to thousands of businesses. In parallel, Razorpay is reimagining how businesses manage money by simplifying business banking (via Razorpay X) and enabling capital availability for businesses (via Razorpay Capital).

The Role:

A Compliance Engineer will contribute to planning, completing, reporting on, and managing program, follow-up, and ad-hoc internal audits for all areas of the business, making recommendations and suggestions to staff, process owners, and the board of directors wherever applicable. Create, define and improvise processes and procedures as per industry standards and audit requirements.

Responsibilities:
1. Technology Depth:
  • Demonstrate an exceptional level of expertise in at least three compliance frameworks, such as PCI (DSS/SSF/3DS), SOC 1/2, ISO 27001, PAPG, PPI, and CICRA.
  • Apply your deep understanding of these frameworks to assess, implement, and maintain comprehensive compliance measures across the organization.
  • Stay updated with the latest advancements, emerging trends, and evolving compliance standards to ensure continuous improvement.
2. Compliance Expertise:
  • Possess a comprehensive understanding of various types of audit reports, including internal and external audits, as well as deviations commonly encountered during compliance assessments.
  • Utilize your expertise to analyze deviations, assess their impact on the organization's compliance status, and develop effective remediation strategies.
  • Collaborate with cross-functional teams to ensure timely resolution of compliance-related issues and drive proactive risk mitigation.
3. Security Principles and Best Practices:
  • Demonstrate a strong grasp of security principles and best practices, including access controls, data protection, encryption, incident response, and vulnerability management.
  • Apply your knowledge to evaluate existing security controls, identify potential vulnerabilities, and recommend appropriate measures to enhance the organization's security posture.
  • Act as a subject matter expert and provide guidance on security-related matters to ensure compliance with applicable regulations and industry standards.
4. Hosted Platforms and CI/CD Pipelines:
  • Possess a solid understanding of hosted platforms, such as AWS or Azure, and their associated security controls.
  • Evaluate the organization's use of hosted platforms, identify potential compliance gaps, and recommend and implement necessary controls and configurations.
  • Collaborate with development and operations teams to integrate compliance requirements seamlessly into CI/CD pipelines, ensuring that security and compliance are prioritized throughout the software development lifecycle.
5. Continuous Learning and Research:
  • Proactively research and stay abreast of new compliance frameworks, regulations, emerging technologies, and industry best practices.
  • Independently develop audit deviation scenarios and provide innovative and practical solutions to address them.
  • Share knowledge and insights with the team through training sessions, internal documentation, and regular updates, fostering a culture of continuous learning and improvement.
7. Quality Deliverables:
  • Take ownership of assigned tasks and features, ensuring their successful completion within defined scopes, timelines, and quality standards.
  • Collaborate with stakeholders to define clear project requirements and deliverables, ensuring alignment with compliance objectives.
  • Conduct thorough testing and validation of compliance controls, documenting and reporting findings accurately, and recommending corrective actions where necessary.
  Requirements:
  • Bachelor's degree in Computer Science, Information Security, or a related field. Any 1 advanced certification (e.g., CISSP, AWS/Azure Security Specialist, CISM) is a must.
  • Overall experience of 2-5 years is a must.
  • Proven track record of working as a Compliance Engineer or similar role, with a focus on regulatory compliance and information security.
  • Expert-level knowledge and experience with at least three compliance frameworks, such as PCI, SOC 2, ISO 27001, PAPG, PPI, or CICRA.
  • Strong understanding of different types of audit reports (e.g., SOC 1, SOC 2, PCI DSS, PCI SSF, PCI P2PE) and deviations encountered during compliance assessments.
  • In-depth knowledge of security principles, industry best practices, and frameworks (e.g., NIST, CIS, OWASP).
  • Familiarity with hosted platforms, such as AWS or Azure, and experience with CI/CD pipelines and associated tools (e.g., Jenkins, GitLab, Azure DevOps).
  • Proven ability to quickly learn and adapt to new technologies, frameworks, and compliance requirements.
  • Strong analytical and problem-solving skills, with a keen eye for detail and a methodical approach to compliance assessments.
  • Excellent written and verbal communication skills, with the ability to effectively communicate complex compliance concepts to technical and non-technical stakeholders.
  • Strong organizational skills and the ability to manage multiple priorities and projects simultaneously.
  • Demonstrated ability to work independently, as well as collaboratively in cross-functional teams.
Razorpay believes in and follows an equal employment opportunity policy that doesn't discriminate on gender, religion, sexual orientation, colour, nationality, age, etc. We welcome interests and applications from all groups and communities across the globe.


Tags: Audits AWS Azure Banking CI/CD CISM CISSP Compliance Computer Science DevOps Encryption Full stack GitLab Incident response ISO 27001 Jenkins NIST OWASP PCI DSS SDLC SOC SOC 1 SOC 2 Vulnerabilities Vulnerability management

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
