Compliance Manager

Salary

₹15 - 25 LPA

Min Experience

1 year

Location

Bengaluru, Karnataka, India

Job Type

full-time

About the role

Key Responsibilities


  • Regulatory Compliance and Standards Management:
      • Ensure compliance with PCI DSS, ISO 27001, SOC2, DPDPA, SAR DLA, NPCI and RBI guidelines.
      • Lead internal and external audits related to security and compliance frameworks.
  • Vulnerability Management & Security Testing:
      • Conduct regular vulnerability assessments, penetration testing (VAPT), and security audits.
      • Collaborate with development teams to ensure that identified vulnerabilities
  • Data Protection & Privacy:
      • Ensure adherence to the standards for data protection regulations, including DPDPA and Indian Regulations for personal data,
      • Collaborate with cross-functional teams to safeguard personal data and sensitive financial information, ensuring data encryption and secure transaction protocols.
  • Cybersecurity Best Practices:
      • Implement and maintain information security best practices in line with frameworks such as ISO/IEC 27001 and the NIST Cybersecurity Framework.
      • Assist in designing and deploying security controls for cloud and on-premise environments, protecting sensitive business and financial data.
  • Incident Response and Risk Management:
      • Assist in developing and managing incident response plans for security breaches and vulnerabilities, ensuring regulatory reporting requirements are met.
      • Work closely with IT teams to identify, respond to, and resolve security incidents quickly and effectively.
  • Security Documentation and Reporting:
      • Create and maintain detailed reports of security status, vulnerabilities, risks, and compliance audits.
      • Report on the effectiveness of security measures and ensure continuous monitoring of security incidents.
      • Develop and implement internal legal policies, ethics guidelines
  • Collaboration and Training:
      • Collaborate with internal teams to integrate security practices into the software development lifecycle (SDLC).
      • Provide training to internal stakeholders on compliance and security practices.
      • Stay informed and ensure adherence to financial transaction regulations, such as FATF recommendations and GST compliance in India.


Educational Qualifications & Skills


  • Bachelor's or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Relevant certifications like CEH, CISSP, CompTIA Security+, CISM, or ISO 27001 Lead Implementer are a plus.
  • Strong understanding of VAPT tools and methodologies (e.g., Nessus, Burp Suite).
  • Knowledge of compliance regulations including PCI DSS, GDPR, CCPA, PDPB, FATF, and RBI guidelines.
  • Hands-on experience with cloud security and network security tools and frameworks (e.g., firewalls, SIEM, IDS/IPS, endpoint protection).

Skills:

  • Ability to conduct risk assessments, manage security audits, and ensure compliance with regulatory requirements.
  • Strong problem-solving and analytical skills with attention to detail.
  • Excellent communication skills, both written and verbal, for reporting and liaising with stakeholders.
  • A deep understanding of financial transaction security and regulatory guidelines for payment platforms.

Experience:

  • Minimum 1 year of experience in information security, cybersecurity, or risk management.
  • Experience working with security frameworks and compliance in financial, payment, or similar regulated industries is a plus.

Skills

cybersecurity
risk management
regulatory compliance
VAPT
cloud security
network security
problem-solving
communication