PAY10 - Security Compliance Manager - PIM/PAM

Description :

Role Purpose

• Own the end-to-end implementation, hardening, and governance of Microsoft 365 E5 across Pay10 India, aligning to RBI requirements and relevant local regulations.
• Establish Zero-Trust controls, identity governance (PIM/PAM), information protection, and audit-ready compliance operations.
  

Key Responsibilities

Architecture & Rollout :

• Design the M365 E5 security architecture (Identity, Access, Devices, Data, Threat, Governance).
• Implement Entra ID P2, PIM/PAM, Conditional Access, MFA, SSPR, Break-glass strategy.
• Deploy Defender for Office 365, Defender for Endpoint, Defender for Cloud Apps (CASB/MCAS).
• Implement Purview : Information Protection (MIP sensitivity labels), DLP, Records/Retention.
• Intune device compliance, baselines, and app protection policies (Windows, macOS, iOS/Android).
  

Compliance & Audit

• Map M365 controls to RBI IT Framework, DPDP Act 2023, ISO 27001, PCI-DSS.
• Configure Compliance Manager scorecards, assessments, evidence, and audit artifacts.
• Define data classification, legal holds, retention schedules, and cross-border data handling.
  

Operations & Governance

• Build SOPs/runbooks : joiner-mover-leaver, incident response, PIM approvals, break-glass drills.
• Establish monitoring & reporting (KQL, Power BI, Graph API) for compliance and security posture.
• Conduct KT to internal admins; lead CAB/ISMS change processes; drive continuous improvement.
  

Stakeholder & Vendor Management

• Collaborate with customers finalized vendor(s) for network security alignment and integrations.
• Manage regional rollouts; coordinate with legal/compliance for evidence packs and audits.
  

Required Experience

• 4-5+ years hands-on with M365 E5 security & compliance at enterprise scale.
• Deep expertise in Entra ID P2 (PIM/PAM), Conditional Access, Defender suite, Purview (MIP/DLP/eDiscovery), Intune.
• Proven delivery in regulated financial services Strong understanding of RBI, DPDP 2023, ISO 27001, PCI-DSS.
  

Success KPIs

• E5 controls implemented & validated (India) within agreed timeline.
• Compliance score uplift (Compliance Manager) and successful internal audit sign-off.
• MTTR for security incidents reduced; zero critical audit non-conformities.
• Successful replication to the first GCC region with documented SOPs and KT.