InfoSec Lead- Data Team

About PayU
PayU, a leading payment and Fintech company in 50+ high-growth markets throughout Asia, Central and Eastern Europe, Latin America, the Middle East and Africa, part of Prosus group, one of the largest technology investors in the world is redefining the way people buy and sell online for our 300.000+ merchants and millions of consumers. 
As a leading online payment service provider, we deploy more than 400 payment methods and PCI-certified platforms to process approximately 6 million payments every single day. 
Thinking of becoming a PayUneer and you are curious to know more about us? Read more about the life in PayU here 

Roles & Responsibilities

• Core
• Implementing industry recommended Data Security practices in domains such as IT Risk and Security Governance, Security Awareness, Privacy and Data Protection, Cloud Security, Business Continuity, application security, Product security etc.
• Define and maintain broad range Data Security Product and Capability Governance framework, by maintaining a broad understanding of infra products and their use
• Scope, implement, and maintain compliance frameworks that caters to successfully passing relevant audits
• Design of best fit, products-specific security controls to ensure contextualized data security controls. This incorporated different facets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations.
• Coordinating & executing proactive information security consulting to business & cross functional technology teams covering Infrastructure Security, Resiliency, Data Security, Data Privacy, Network Architecture & Design, & User Access Management.

Vulnerability assessment, diagnosis, and resolution

• Conduct security assessment of infrastructure end to end i.e from design to implementation and suggest improvement for enhanced security posture in line with business requirements.
• Identify security gaps and suggest mitigating controls to minimize the associated risk to an acceptable level.
• Implement, manage, and maintain information security and compliance in-line with formulated project plans / strategic and tactical alignment of resources.
• Driving cloud security risk assessment and identify the gaps and define remediation approach by using right set of security controls to conclude the assessment.
• Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including enterprise software solutions, cloud applications and mobile apps
• Identify and recommend changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels and show ownership in following through implementation.

Audits

• Scope and implement compliance frameworks like ISO 27001, SOC 2, PCI DSS, NIST Cyber Security Framework (CSF) from scratch.
• Lead security audits in-line with industry accepted standards like PCI DSS, SOC2 Type2, ISO 27001, regulatory audits, Business continuity (ISO 22301).
• Drives Strategic Product security efforts with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliance to the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).

Subject Matter Consulting and Strategy

• Provide subject matter expert guidance on cybersecurity and product development topics.
• Advise senior management and third-party service providers of emerging compliance issues and consults and guides the organization in the establishment of controls to mitigate risks.
• Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
• Prepare an RFP/RFI response in line with the client and business expectations for InfoSec related topics.