Senior Compliance Engineer
Bangalore
Applications have closed
Razorpay
Online Payments India: Start Accepting Payments Instantly with Razorpay's Payment Suite, which Supports Netbanking, Credit Card & Debit Cards, UPI etc.
Razorpay was founded by Shashank Kumar and Harshil Mathur in 2014. Razorpay is building a new-age digital banking hub (Neobank) for businesses in India with the mission to enable frictionless banking and payments experiences for businesses of all shapes and sizes. What started as a B2B payments company is processing billions of dollars of payments for lakhs of businesses across India.
We are a full-stack financial services organisation, committed to helping Indian businesses with comprehensive and innovative payment and business banking solutions built over robust technology to address the entire length and breadth of the payment and banking journey for any business. Over the past year, we've disbursed loans worth millions of dollars to thousands of businesses. In parallel, Razorpay is reimagining how businesses manage money by simplifying business banking (via Razorpay X) and enabling capital availability for businesses (via Razorpay Capital).
The Role:
A Compliance Engineer will contribute to planning, completing, reporting on, and managing program, follow-up, and ad-hoc internal audits for all areas of the business, making recommendations and suggestions to staff, process owners, and the board of directors wherever applicable. Create, define and improvise processes and procedures as per industry standards and audit requirements.
Responsibilities:
1. Technology Depth:
- Demonstrate an exceptional level of expertise in at least three compliance frameworks, such as PCI(DSS/ SSF/ 3DS), SOC 1/2, ISO 27001, PAPG, PPI, and CICRA.
- Apply your deep understanding of these frameworks to assess, implement, and maintain comprehensive compliance measures across the organization.
- Stay updated with the latest advancements, emerging trends, and evolving compliance standards to ensure continuous improvement.
- Possess a comprehensive understanding of various types of audit reports, including internal and external audits, as well as deviations commonly encountered during compliance assessments.
- Utilize your expertise to analyze deviations, assess their impact on the organization's compliance status, and develop effective remediation strategies.
- Collaborate with cross-functional teams to ensure timely resolution of compliance-related issues and drive proactive risk mitigation.
- Demonstrate a strong grasp of security principles and best practices, including access controls, data protection, encryption, incident response, and vulnerability management.
- Apply your knowledge to evaluate existing security controls, identify potential vulnerabilities, and recommend appropriate measures to enhance the organization's security posture.
- Act as a subject matter expert and provide guidance on security-related matters to ensure compliance with applicable regulations and industry standards.
- Possess a solid understanding of hosted platforms, such as AWS or Azure, and their associated security controls.
- Evaluate the organization's use of hosted platforms, identify potential compliance gaps, and recommend and implement necessary controls and configurations.
- Collaborate with development and operations teams to integrate compliance requirements seamlessly into CI/CD pipelines, ensuring that security and compliance are prioritized throughout the software development lifecycle.
- Proactively research and stay abreast of new compliance frameworks, regulations, emerging technologies, and industry best practices.
- Independently develop audit deviation scenarios and provide innovative and practical solutions to address them.
- Share knowledge and insights with the team through training sessions, internal documentation, and regular updates, fostering a culture of continuous learning and improvement.
- Take ownership of assigned tasks and features, ensuring their successful completion within defined scopes, timelines, and quality standards.
- Collaborate with stakeholders to define clear project requirements and deliverables, ensuring alignment with compliance objectives.
- Conduct thorough testing and validation of compliance controls, documenting and reporting findings accurately, and recommending corrective actions where necessary.
- Bachelor's degree in Computer Science, Information Security, or a related field. Any one advanced certification (e.g., CISSP, AWS/Azure Security Specialist, CISM) is a must.
- Overall experience of 2-5 years is a must.
- Proven track record of working as a Compliance Engineer or similar role, with a focus on regulatory compliance and information security.
- Expert-level knowledge and experience with at least three compliance frameworks, such as PCI, SOC 2, ISO 27001, PAPG, PPI, or CICRA.
- Strong understanding of different types of audit reports (e.g., SOC 1, SOC 2, PCI DSS, PCI SSF, PCI P2PE) and deviations encountered during compliance assessments.
- In-depth knowledge of security principles, industry best practices, and frameworks (e.g., NIST, CIS, OWASP).
- Familiarity with hosted platforms, such as AWS or Azure, and experience with CI/CD pipelines and associated tools (e.g., Jenkins, GitLab, Azure DevOps).
- Proven ability to quickly learn and adapt to new technologies, frameworks, and compliance requirements.
- Strong analytical and problem-solving skills, with a keen eye for detail and a methodical approach to compliance assessments.
- Excellent written and verbal communication skills, with the ability to effectively communicate complex compliance concepts to technical and non-technical stakeholders.
- Strong organizational skills and the ability to manage multiple priorities and projects simultaneously.
- Demonstrated ability to work independently, as well as collaboratively in cross-functional teams.
Tags: Audits AWS Azure Banking CI/CD CISM CISSP Compliance Computer Science DevOps Encryption Full stack GitLab Incident response ISO 27001 Jenkins NIST OWASP PCI DSS SDLC SOC SOC 1 SOC 2 Vulnerabilities Vulnerability management
Perks/benefits: Career development