Description : M365 Security & Compliance Architect Role Purpose Own the end-to-end implementation, hardening, and governance of Microsoft 365 E5 across Pay10 India, aligning to RBI requirements and relevant local regulations. Establish Zero-Trust controls, identity governance (PIM/PAM), information protection, and audit-ready compliance operations. Key Responsibilities Architecture & Rollout : Design the M365 E5 security architecture (Identity, Access, Devices, Data, Threat, Governance). Implement Entra ID P2, PIM/PAM, Conditional Access, MFA, SSPR, Break-glass strategy. Deploy Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps (CASB/MCAS). Implement Purview : Information Protection (MIP sensitivity labels), DLP, Records/Retention. Intune device compliance, baselines, and app protection policies (Windows, macOS, iOS/Android). Compliance & Audit Map M365 controls to RBI IT Framework, DPDP Act 2023, ISO 27001, PCI-DSS. Configure Compliance Manager scorecards, assessments, evidence, and audit artifacts. Define data classification, legal holds, retention schedules, and cross-border data handling. Operations & Governance Build SOPs/runbooks : joiner-mover-leaver, incident response, PIM approvals, break-glass drills. Establish monitoring & reporting (KQL, Power BI, Graph API) for compliance and security posture. Conduct KT to internal admins; lead CAB/ISMS change processes; drive continuous improvement. Stakeholder & Vendor Management Collaborate with customers finalized vendor(s) for network security alignment and integrations. Manage regional rollouts; coordinate with legal/compliance for evidence packs and audits. Required Experience 4-5+ years hands-on with M365 E5 security & compliance at enterprise scale. Deep expertise in Entra ID P2 (PIM/PAM), Conditional Access, Defender suite, Purview (MIP/DLP/eDiscovery), Intune. Proven delivery in regulated financial services Strong understanding of RBI, DPDP 2023, ISO 27001, PCI-DSS. Success KPIs E5 controls implemented & validated (India) within agreed timeline. Compliance score uplift (Compliance Manager) and successful internal audit sign-off. MTTR for security incidents reduced; zero critical audit non-conformities. Successful replication to the first GCC region with documented SOPs and KT. (ref:hirist.tech)
Description Job Title : Senior Product Designer Location : Delhi, India Company Overview We are a leading global payments technology company providing innovative solutions for both B2B and B2C customers across the globe. Our comprehensive suite of payment products includes a secure payment gateway, money transfer services, digital wallets, and a wide range of other payment solutions. With a focus on cutting-edge technology and exceptional user experiences, we are committed to simplifying payments and empowering businesses and individuals to thrive in the digital economy. Position Overview We are seeking a talented and experienced Product Designer to join our dynamic team. As a Product Designer, you will play a key role in designing intuitive and user-friendly interfaces for our payments solutions. You will collaborate closely with cross-functional teams including product leads, product managers, analysts, engineers, and stakeholders to create innovative solutions that meet the needs of our customers and drive business growth. Responsibilities Lead the design process from concept to implementation, including ideation, wireframing, prototyping, and visual design. Develop user flows, journey maps, and interactive prototypes to effectively communicate design concepts and functionality. Conduct user research, usability testing, and gather feedback to inform design decisions and iterate on designs. Collaborate with product managers and engineers to translate business requirements and technical constraints into elegant and intuitive designs. Create high-fidelity mock-ups, UI designs, and design specifications that adhere to brand guidelines and design best practices. Work closely with developers during the implementation phase to ensure design integrity and provide support as needed. Stay up-to-date with industry trends, design tools, and emerging technologies to continuously improve our design process and : Bachelors degree in design, HCI, or related field; or equivalent professional certificate with experience. Proven experience as a Product Designer, UX/UI Designer, or similar role, preferably in the fintech or payments industry. 5+ years of experience in a start-up, or a multinational business environment Strong portfolio showcasing your design process, problem-solving skills, and ability to deliver high-quality designs. Proficiency in design and prototyping tools such as Figma, Sketch and Adobe Creative Suite. Solid understanding of user-centered design principles, interaction design, and information architecture. Excellent communication skills with the ability to articulate design decisions and collaborate effectively with cross-functional teams. Familiarity with front-end development technologies (HTML, CSS, JavaScript) is a plus. Passion for fintech, payments, and solving complex design challenges in a fast-paced environment. Creative, innovative, tech-savvy and have a can-do mindset with energetic and open-minded personality (ref:hirist.tech)
Description Job Title - Technical Security Manager Location - Delhi Role Overview The Technical Security Manager Information Security will play a pivotal role in safeguarding Pay10s technology infrastructure, applications, and network ecosystem across all operations within India. This role combines hands-on cybersecurity expertise with strong technical control implementation and compliance oversight under RBIs IT and Cybersecurity Framework for Payment System Operators. The incumbent will be responsible for monitoring, detection, and response to threats, defining network and infrastructure controls, and ensuring compliance with relevant standards such as RBI IT Framework, PCI DSS, ISO 27001, SOC 2, and data localization requirements. Key Operations & Monitoring Lead Security Operations Centre (SOC) activities, ensuring proactive detection, investigation, and response to security incidents. Monitor and correlate events using SIEM platforms (e.g., Splunk, Sentinel, QRadar). Conduct incident triage, root cause analysis, and coordinate timely containment and recovery. Ensure adherence to RBIs cyber incident reporting timelines (e.g., within 26 hours for major incidents). Maintain incident management workflows and escalation processes in line with RBI standards. Collaborate with Managed Security Service Providers (MSSPs) for continuous monitoring and log management. Network & Infrastructure Security Design, configure, and manage secure network architecture including firewalls, VPNs, WAF, IDS/IPS, and segmentation. Ensure compliance with RBI-prescribed controls on hardening, patching, and security logging for payment systems. Perform infrastructure vulnerability assessments and oversee timely patch management. Maintain network topology, baseline configurations, and documentation for audit readiness. Ensure all regulated data (cardholder, transaction, and PII) is stored, processed, and maintained only in data centers located in India, in compliance with RBI data localization mandates. Cloud & Application Security Oversee implementation of cloud security controls (CSPM, CWPP, IAM policies) for Pay10s AWS, Azure, or hybrid environments. Partner with DevOps to embed DevSecOps practices, including automated code reviews, SAST/DAST scanning, and secure CI/CD pipelines. Conduct application security reviews and validate controls aligned to OWASP Top 10 and PCI DSS 4. Secure APIs and integrations used in payment processing and fintech applications. Review application security configurations for compliance with RBI and PCI-DSS encryption and key management requirements. Threat & Vulnerability Management Lead the end-to-end vulnerability management program, ensuring prompt detection, prioritization, and remediation. Conduct periodic vulnerability scans, penetration testing, and red team assessments as required by RBI. Maintain a central vulnerability register and track closure with IT, DevOps, and business teams. Establish patch governance framework and periodic reporting to the CISO office. Integrate threat intelligence sources to anticipate and mitigate emerging risks. Access Control & Identity Management Define and enforce Identity and Access Management (IAM) and Privileged Access Management (PAM) policies. Implement least-privilege principles, multi-factor authentication (MFA), and SSO across all systems. Conduct quarterly access reviews and entitlement audits to ensure compliance with RBIs access control guidelines. Maintain logs and reports for all privileged account activities as part of RBIs audit trail requirements. Compliance, Audit & Risk Management Ensure compliance with : RBI Cyber Security Framework for Payment System Operators RBI Master Direction on IT Governance, Risk, Controls & Assurance Practices PCI DSS, ISO 27001, and SOC 2 frameworks Coordinate internal and external IT and cybersecurity audits. Prepare and submit quarterly and annual IT & Cyber Risk reports to the CISO and Compliance Committee. Support banking partner and regulator-driven audits with evidence, control documentation, and remediation tracking. Maintain an up-to-date Information Security Risk Register and report risk status to management. Conduct vendor risk assessments and due diligence before onboarding third-party service providers, ensuring alignment with RBIs Third-Party Risk Management Guidelines. Incident Response & Business Continuity Maintain the Incident Response Plan (IRP) and ensure regular testing and updates. Conduct incident simulations and tabletop exercises for critical applications. Lead post-incident reviews and document lessons learned and preventive measures. Ensure Business Continuity (BCP) and Disaster Recovery (DR) drills are conducted periodically, meeting RTO/RPO objectives. Document and maintain all DR test results for submission during RBI or partner bank audits. Awareness, Documentation & Reporting Conduct security awareness and phishing simulation programs for Pay10 employees. Maintain Detailed Documentation For Incident response Risk registers Vulnerability remediation Audit evidence and compliance matrices Develop and present cybersecurity posture dashboards and KPI reports for the CISO and management. Conduct secure coding workshops and sessions for development and operations teams. Required Qualifications Bachelors degree in Cybersecurity, Computer Science, or Information Technology, or equivalent hands-on experience. 6 to 10 years of experience in technical cybersecurity operations and risk management. Proven experience working in FinTech, banking, or other RBI-regulated financial environments. Strong understanding of RBI IT & Cybersecurity Framework, PCI DSS, and ISO 27001. Experience in incident management, network security, and vulnerability management. Preferred Certifications CISSP, CISM, or CISA (for governance and audit readiness). CompTIA Security+, CEH, or GSEC (for technical skills). ISO 27001 Lead Implementer/Auditor or PCI DSS ISA (for compliance management). AWS Certified Security Specialty or Azure Security Engineer Associate (for cloud security controls). Technical Skills Expertise with SIEM, EDR, and SOAR platforms (e.g., Splunk, Sentinel, CrowdStrike, Defender). Strong command of network and infrastructure security tools (e.g., Fortinet, Palo Alto, Check Point). Proficiency with vulnerability management tools (e.g., Qualys, Nessus, Rapid7, Tenable). Familiarity with container orchestration and API security (Kubernetes, Docker). Working knowledge of infrastructure-as-code tools (Terraform, Ansible). Soft Skills & Attributes Strong analytical and decision-making skills under pressure. Excellent communication and stakeholder management abilities. Proactive and organized approach to security control execution and compliance. Collaborative and detail-oriented, capable of working closely with IT, DevOps, and Compliance teams (ref:hirist.tech)
Description : M365 Security & Compliance Architect Role Purpose Own the end-to-end implementation, hardening, and governance of Microsoft 365 E5 across Pay10 India, aligning to RBI requirements and relevant local regulations. Establish Zero-Trust controls, identity governance (PIM/PAM), information protection, and audit-ready compliance operations. Key Responsibilities Architecture & Rollout : Design the M365 E5 security architecture (Identity, Access, Devices, Data, Threat, Governance). Implement Entra ID P2, PIM/PAM, Conditional Access, MFA, SSPR, Break-glass strategy. Deploy Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps (CASB/MCAS). Implement Purview : Information Protection (MIP sensitivity labels), DLP, Records/Retention. Intune device compliance, baselines, and app protection policies (Windows, macOS, iOS/Android). Compliance & Audit Map M365 controls to RBI IT Framework, DPDP Act 2023, ISO 27001, PCI-DSS. Configure Compliance Manager scorecards, assessments, evidence, and audit artifacts. Define data classification, legal holds, retention schedules, and cross-border data handling. Operations & Governance Build SOPs/runbooks : joiner-mover-leaver, incident response, PIM approvals, break-glass drills. Establish monitoring & reporting (KQL, Power BI, Graph API) for compliance and security posture. Conduct KT to internal admins; lead CAB/ISMS change processes; drive continuous improvement. Stakeholder & Vendor Management Collaborate with customers finalized vendor(s) for network security alignment and integrations. Manage regional rollouts; coordinate with legal/compliance for evidence packs and audits. Required Experience 4-5+ years hands-on with M365 E5 security & compliance at enterprise scale. Deep expertise in Entra ID P2 (PIM/PAM), Conditional Access, Defender suite, Purview (MIP/DLP/eDiscovery), Intune. Proven delivery in regulated financial services Strong understanding of RBI, DPDP 2023, ISO 27001, PCI-DSS. Success KPIs E5 controls implemented & validated (India) within agreed timeline. Compliance score uplift (Compliance Manager) and successful internal audit sign-off. MTTR for security incidents reduced; zero critical audit non-conformities. Successful replication to the first GCC region with documented SOPs and KT. (ref:hirist.tech)