Manager - Technology Risk & Compliance

Manager, Technology Risk & Compliance

About PhonePe Limited:

Headquartered in India, its flagship product, the PhonePe digital payments app, was launched in Aug 2016. As of April 2025, PhonePe has over 60 Crore (600 Million) registered users and a digital payments acceptance network spread across over 4 Crore (40 million) merchants. PhonePe also processes over 33 Crore (330 Million) transactions daily with an Annualized Total Payment Value (TPV) of over INR 150 lakh crore.

PhonePe's portfolio of businesses includes the distribution of financial products (Insurance, Lending, and Wealth) as well as new consumer tech businesses (Pincode - hyperlocal e-commerce and Indus AppStore Localized App Store for the Android ecosystem) in India, which are aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services.

Culture:

At PhonePe, we go the extra mile to make sure you can bring your best self to work, Everyday. And that starts with creating the right environment for you. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. PhonePe-rs solve complex problems and execute quickly; often building frameworks from scratch. If you're excited by the idea of building platforms that touch millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us

Role - Manager - IT Audit & Compliance

Roles and Responsibilities: -

Maintenance:

- Ensure Review of policies and procedures on a periodic basis or whenever there is change and place it for Management approvals to board on a timely fashion

- Preparation of architectural diagrams and technical documentations for audit and regulatory purposes along with stakeholders and consultants

- Ensure the Business Impact Assessment of new businesses, applications etc.

- Ensure Risk assessments for all IT assets and processes periodically and ensure RA/ RT is in place.

- Run project management for implementation of various security controls by liaising with different teams.

- Renewal of certifications on time (ISO 27001 and PCI DSS)

- Review all merchant and IT vendor contracts for clauses w.r.t information security and regulatory requirements

Monitoring and Guidance:

- Exception management, review (periodic) controls, analyse and make appropriate recommendation

- Provide guidance to the stakeholders with respect to the contractual obligation on IT policy management and process implementations.

- Provide guidance to stakeholders on Periodic updates to BCP strategy, liaising with teams to perform drills etc. Guide team members on planning Phishing and other information security drills

- Evaluation of vendors, review of internal tool reviews for SRE /Engg. teams /PhonePe functions from Data security angle

Regulatory and Compliance audits:

- Interpret IT control requirements from regulatory guidelines and circulars and prepare a detailed framework for implementation and Advisory on implementation of information security controls

- Ensure that IT regulatory requirements are tracked and continuously monitored.

- Plan audit calendars and schedule the same.

- Manage all internal and external audits related to IT and Non IT .

- Plan and Overseeing all IT audits (including CISA (PPI) ,RBI/ ReBIT Audit, ISNP &; CIS (insurance), PCI DSS, System Audits, partner bank audits, ISO 27k ,Stat audits ,NPCI audits etc.

- Fore fronting all the audits and act as POC for all escalations for any audit related activities

- Liaise with auditors to explain infosec posture, org structure, provide technical architecture overview, process understanding on IT controls etc.

- Support management to provide audit finding responses, implementation of controls as per audit recommendations etc and ensure all IT audit observations are taken to closure

Must Haves -

- 7 to 10 years of work experience, BE / relevant experience in Group 4 consultancies, or likes of Group 4 . CISA / DISA / CIA preferred.

- Has high ethical standards and are able to work diligently to complete your duties.

- Has an analytical mind able to "see" the complexities of procedures and regulations.

- Demonstrate the ability to plan and execute projects with minimal management support.

PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles)

• Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance
• Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System
• Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program
• Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy
• Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment
• Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

Our inclusive culture promotes individual expression, creativity, innovation, and achievement and in turn helps us better understand and serve our customers. We see ourselves as a place for intellectual curiosity, ideas and debates, where diverse perspectives lead to deeper understanding and better quality results. PhonePe is an equal opportunity employer and is committed to treating all its employees and job applicants equally; regardless of gender, sexual preference, religion, race, color or disability. If you have a disability or special need that requires assistance or reasonable accommodation, during the application and hiring process, including support for the interview or onboarding process, please fill out this form.

Read more about PhonePe on our blog.

Life at PhonePe

PhonePe in the news

Experience LevelSenior Level

---