Job description: Lead the design process from concept to implementation, including ideation, wireframing, prototyping, and visual design. Develop user flows, journey maps, and interactive prototypes to effectively communicate design concepts and functionality. Conduct user research, usability testing, and gather feedback to inform design decisions and iterate on designs. Collaborate with product managers and engineers to translate business requirements and technical constraints into elegant and intuitive designs. Create high-fidelity mock-ups, UI designs, and design specifications that adhere to brand guidelines and design best practices. Work closely with developers during the implementation phase to ensure design integrity and provide support as needed. Stay up-to-date with industry trends, design tools, and emerging technologies to continuously improve our design process and deliverables.
Job description: 1. Security Operations & Monitoring: Lead Security Operations Centre (SOC) activities, ensuring proactive detection, investigation, and response to security incidents. Monitor and correlate events using SIEM platforms (e.g., Splunk, Sentinel, QRadar). Conduct incident triage, root cause analysis, and coordinate timely containment and recovery. Ensure adherence to RBIs cyber incident reporting timelines (e.g., within 26 hours for major incidents). Maintain incident management workflows and escalation processes in line with RBI standards. Collaborate with Managed Security Service Providers (MSSPs) for continuous monitoring and log management. 2. Network & Infrastructure Security: Design, configure, and manage secure network architecture including firewalls, VPNs, WAF, IDS/IPS, and segmentation. Ensure compliance with RBI-prescribed controls on hardening, patching, and security logging for payment systems. Perform infrastructure vulnerability assessments and oversee timely patch management. Maintain network topology, baseline configurations, and documentation for audit readiness. Ensure all regulated data (cardholder, transaction, and PII) is stored, processed, and maintained only in data centers located in India, in compliance with RBI data localization mandates. 3. Cloud & Application Security: Oversee implementation of cloud security controls (CSPM, CWPP, IAM policies) for Pay10's AWS, Azure, or hybrid environments. Partner with DevOps to embed DevSecOps practices, including automated code reviews, SAST/DAST scanning, and secure CI/CD pipelines. Conduct application security reviews and validate controls aligned to OWASP Top 10 and PCI DSS 4.0. Secure APIs and integrations used in payment processing and fintech applications. Review application security configurations for compliance with RBI and PCI-DSS encryption and key management requirements. 4. Threat & Vulnerability Management: Lead the end-to-end vulnerability management program, ensuring prompt detection, prioritization, and remediation. Conduct periodic vulnerability scans, penetration testing, and red team assessments as required by RBI. Maintain a central vulnerability register and track closure with IT, DevOps, and business teams. Establish patch governance framework and periodic reporting to the CISO office. Integrate threat intelligence sources to anticipate and mitigate emerging risks. 5. Access Control & Identity Management: Define and enforce Identity and Access Management (IAM) and Privileged Access Management (PAM) policies. Implement least-privilege principles, multi-factor authentication (MFA), and SSO across all systems. Conduct quarterly access reviews and entitlement audits to ensure compliance with RBI's access control guidelines. Maintain logs and reports for all privileged account activities as part of RBI's audit trail requirements. 6. Compliance, Audit & Risk Management: Ensure compliance with: RBI Cyber Security Framework for Payment System Operators RBI Master Direction on IT Governance, Risk, Controls & Assurance Practices PCI DSS, ISO 27001, and SOC 2 frameworks Coordinate internal and external IT and cybersecurity audits. Prepare and submit quarterly and annual IT & Cyber Risk reports to the CISO and Compliance Committee. Support banking partner and regulator-driven audits with evidence, control documentation, and remediation tracking. Maintain an up-to-date Information Security Risk Register and report risk status to management. Conduct vendor risk assessments and due diligence before onboarding third-party service providers, ensuring alignment with RBI's Third-Party Risk Management Guidelines. 7. Incident Response & Business Continuity Maintain the Incident Response Plan (IRP) and ensure regular testing and updates. Conduct incident simulations and tabletop exercises for critical applications. Lead post-incident reviews and document lessons learned and preventive measures. Ensure Business Continuity (BCP) and Disaster Recovery (DR) drills are conducted periodically, meeting RTO/RPO objectives. Document and maintain all DR test results for submission during RBI or partner bank audits. 8. Awareness, Documentation & Reporting: Conduct security awareness and phishing simulation programs for Pay10 employees. Maintain detailed documentation for: Incident response Risk registers Vulnerability remediation Audit evidence and compliance matrices Develop and present cybersecurity posture dashboards and KPI reports for the CISO and management. Conduct secure coding workshops and sessions for development and operations teams.
Job Description: Own the end-to-end implementation, hardening, and governance of Microsoft 365 E5 across Pay10 India , aligning to RBI requirements and relevant local regulations. Establish Zero-Trust controls, identity governance (PIM/PAM), information protection, and audit-ready compliance operations. Key Responsibilities Architecture & Rollout Design the M365 E5 security architecture (Identity, Access, Devices, Data, Threat, Governance). ImplementEntra ID P2,PIM/PAM,Conditional Access,MFA,SSPR,Break-glassstrategy. DeployDefender for Office 365, Defender for Endpoint, Defender for Cloud Apps (CASB/MCAS). ImplementPurview: Information Protection (MIP sensitivity labels),DLP,Records/Retention. Intune device compliance, baselines, and app protection policies (Windows, macOS, iOS/Android). Compliance & Audit Map M365 controls toRBI IT Framework, DPDP Act 2023, ISO 27001, PCI-DSS ConfigureCompliance Managerscorecards, assessments, evidence, and audit artifacts. Definedata classification, legal holds, retention schedules, and cross-border data handling. Operations & Governance Build SOPs/runbooks: joiner-mover-leaver, incident response, PIM approvals, break-glass drills. Establishmonitoring & reporting(KQL, Power BI, Graph API) for compliance and security posture. Conduct KT to internal admins; lead CAB/ISMS change processes; drive continuous improvement. Stakeholder & Vendor Management Collaborate with customers finalized vendor(s) for network security alignment and integrations. Manage regional rollouts; coordinate with legal/compliance for evidence packs and audits. Required Experience: 4-5+ years hands-on withM365 E5security & compliance at enterprise scale. Deep expertise inEntra ID P2 (PIM/PAM), Conditional Access, Defender suite, Purview (MIP/DLP/eDiscovery), Intune. Proven delivery inregulated financial services(banks/NBFC/fintech/payments). Strong understanding ofRBI,DPDP 2023,ISO 27001,PCI-DSS
Job description: At Pay10 we are Hiring 4 years java developer, should have below expertise. Java 8 + Tomcat 10+ Angular Spring boot MongoDB Linux basics Immediate Joiner required Employment Type: Full Time, Permanent Role Category: Technology / IT Education UG: B.Tech/B.E. in Any Specialization
Job description: Strategic Leadership: Develop and implement the enterprise-wide information security strategy, policies, and frameworks. Provide thought leadership on emerging cyber risks, threats, and technologies. Establish an enterprise security architecture aligned with business objectives. Represent information security at executive leadership meetings and board-level discussions. Governance, Risk & Compliance (GRC): Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS). Lead risk assessments, security audits, and penetration testing programs. Develop incident response, disaster recovery, and business continuity plans. Oversee vendor risk management and third-party security due diligence. Leadership & People Management: Build and lead a high-performing information security team, including SOC analysts, security engineers, and risk specialists. Define roles, responsibilities, and career development paths within the security function. Foster a culture of security awareness across the organization through training and communication. Collaborate with IT, Legal, Compliance, and Risk teams to integrate security into all business processes. DevSecOps & Application Security: Integrated security into CI/CD pipelines with automated tools: SSO SAST (e.g., SonarQube) DAST (e.g., OWASP ZAP) Dependency scanning (e.g., Snyk) Conducting secure code reviews, threat modelling, and application pen tests. Leding developer security awareness programs and secure coding bootcamps. Threat Intelligence & Vulnerability Management: Set up continuous vulnerability management workflows using the relevant VM tools. Consumed and actioned threat intelligence feeds (CTI) to proactively defend against APTs and fraud campaigns. Correlating TI with internal telemetry to identify emerging threats specific to fintech and digital banking. Data Protection & Privacy: Implemented technical and organizational measures (TOMs) for India DPDP compliance. Overseeing DLP, data classification, and encryption policies across Pay10 cloud environment. Preparing to conduct DPIAs and privacy-by-design assessments for new fintech products. Initiation of RoPA activities to document all records with Pay10 environment. Stakeholder & External Engagement: Serve as the primary point of contact for regulators, auditors, and external security partners. Engage with business leaders to balance security requirements with operational needs. Build strong relationships with law enforcement, cybersecurity forums, and industry associations. Incident Response & Business Continuity: Own the Incident Response Plan (IRP) and ensure proper training, testing, and refinement. Lead investigations into data breaches or security incidents and coordinate responses. Support business continuity and disaster recovery (BC/DR) planning and exercises.