Razorpay was founded by Shashank Kumar and Harshil Mathur in 2014. Razorpay is building a new-age digital banking hub (Neobank) for businesses in India with the mission is to enable frictionless banking and payments experiences for businesses of all shapes and sizes. What started as a B2B payments company is processing billions of dollars of payments for lakhs of businesses across India.
We are a full-stack financial services organisation, committed to helping Indian businesses with comprehensive and innovative payment and business banking solutions built over robust technology to address the entire length and breadth of the payment and banking journey for any business. Over the past year, we've disbursed loans worth millions of dollars in loans to thousands of businesses. In parallel, Razorpay is reimagining how businesses manage money by simplifying business banking (via Razorpay X) and enabling capital availability for businesses (via Razorpay Capital).
The Role:
A Compliance Engineer will contribute to the Plan, complete, report, and manage, program, follow-up, and ad-hoc internal audits for all areas of the business making recommendations and suggestions to staff, process owners, and the board of directors wherever applicable. Create, define and improvise processes and procedures as per industry standards and audit requirement
Responsibilities:
1. Technology Depth:
- Demonstrate an exceptional level of expertise in at least three compliance frameworks, such as PCI(DSS/ SSF/ 3DS), SOC 1/2, ISO 27001, PAPG, PPI, and CICRA.
- Apply your deep understanding of these frameworks to assess, implement, and maintain comprehensive compliance measures across the organization.
- Stay updated with the latest advancements, emerging trends, and evolving compliance standards to ensure continuous improvement.
2. Compliance Expertise:
- Possess a comprehensive understanding of various types of audit reports, including internal and external audits, as well as deviations commonly encountered during compliance assessments.
- Utilize your expertise to analyze deviations, assess their impact on the organization's compliance status, and develop effective remediation strategies.
- Collaborate with cross-functional teams to ensure timely resolution of compliance-related issues and drive proactive risk mitigation.
3. Security Principles and Best Practices:
- Demonstrate a strong grasp of security principles and best practices, including access controls, data protection, encryption, incident response, and vulnerability management.
- Apply your knowledge to evaluate existing security controls, identify potential vulnerabilities, and recommend appropriate measures to enhance the organization's security posture.
- Act as a subject matter expert and provide guidance on security-related matters to ensure compliance with applicable regulations and industry standards.
4. Hosted Platforms and CI/CD Pipelines:
- Possess a solid understanding of hosted platforms, such as AWS or Azure, and their associated security controls.
- Evaluate the organization's use of hosted platforms, identify potential compliance gaps, and recommend and implement necessary controls and configurations.
- Collaborate with development and operations teams to integrate compliance requirements seamlessly into CI/CD pipelines, ensuring that security and compliance are prioritized throughout the software development lifecycle.
5. Continuous Learning and Research:
- Proactively research and stay abreast of new compliance frameworks, regulations, emerging technologies, and industry best practices.
- Independently develop audit deviations scenarios and provide innovative and practical solutions to address them.
- Share knowledge and insights with the team through training sessions, internal documentation, and regular updates, fostering a culture of continuous learning and improvement.
7. Quality Deliverables:
- Take ownership of assigned tasks and features, ensuring their successful completion within defined scopes, timelines, and quality standards.
- Collaborate with stakeholders to define clear project requirements and deliverables, ensuring alignment with compliance objectives.
- Conduct thorough testing and validation of compliance controls, documenting and reporting findings accurately, and recommending corrective actions where necessary.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field. Any 1 Advanced certification (e.g., CISSP, AWS/Azure Security Specialist, CISM) is must.
- Overall experience of 2-5 Years is must.
- Proven track record of working as a Compliance Engineer or similar role, with a focus on regulatory compliance and information security.
- Expert-level knowledge and experience with at least three Compliance
- Frameworks, such as PCI, SOC 2, ISO 27001, PAPG, PPI, or CICRA.
- Strong understanding of different types of audit reports (e.g., SOC 1, SOC 2, PCI DSS, PCI SSF, PCI P2PE) and deviations encountered during compliance assessments.
- In-depth knowledge of security principles, industry best practices, and frameworks (e.g., NIST, CIS, OWASP).
- Familiarity with hosted platforms, such as AWS or Azure, and experience with CI/CD pipelines and associated tools (e.g., Jenkins, GitLab, Azure DevOps).
- Proven ability to quickly learn and adapt to new technologies, frameworks, and compliance requirements.
- Strong analytical and problem-solving skills, with a keen eye for detail and a methodical approach to compliance assessments.
- Excellent written and verbal communication skills, with the ability to effectively communicate complex compliance concepts to technical and non-technical stakeholders.
- Strong organizational skills and the ability to manage multiple priorities and projects simultaneously.
- Demonstrated ability to work independently, as well as collaboratively in cross-functional teams.
Razorpay believes in and follows an equal employment opportunity policy that doesn't discriminate on gender, religion, sexual orientation, colour, nationality, age, etc. We welcome interests and applications from all groups and communities across the globe.
Follow us on LinkedIn & Twitter
Top Skills
What We Do
Power your finance, grow your business.
Razorpay is India’s first full-stack financial solutions company. We are on a mission to enhance the payment experience of over 300 million end consumers. And in doing so, we aim to enable Indian businesses - big and small - accept payments digitally with minimal effort and maximum ease.
Razorpay has grown from being a payment gateway provider to a solutions-driven organization boasting of an extensive products suite to accept and disburse payments as well as raise capital and park money. In a nutshell, we fit into every nook and corner where your business touches money.
#OutgrowOrdinary
We identify ourselves as disruptors in the digital payments space and our vision is to power the financial ecosystem for other disruptors. Like attracts like and Razorpay actively looks to partner with established companies and startups that have either broken the glass ceiling in their industry or are set to.
The Razorpay Product Suite today comprises verticals, along with Payment Gateway, like Payment Links, Payment Pages, Subscriptions, Smart Collect, Route, Razorpay Capital, RazorpayX, Payroll and Thirdwatch.
Razorpay was started in 2014 by two IIT Roorkee alumni, Harshil Mathur and Shashank Kumar. Just a short few years later, Razorpay has evolved into a 800-odd strong organization with some of the best talents in the country helping some of the best companies manage their money movement seamlessly.
Certified cool
We are a bunch of spirited, ambitious and fun folks. And no, we’re not saying this ourselves--leading institutions have recognized Razorpay for the high trust and high-performance culture that we maintain.
Our strength lies in the people we are and we go to great lengths to nurture a family of coders, designers, sellers, marketers, analysts, writers, runners, photographers, gamers, tinkerers, and above all, people who are dreamers and doers at the same time. Be a part of our exciting journey.
