Senior Associate Audit & InfoSec(DT_765)

Associate Audit and Infosec

2 to 4 years of work experience Bangalore

Setu is working to reimagine financial products for the next billion users.

How do you put a dent in India s economy when most of her population cannot afford insurance, credit, investments, etc. through the formal channels that you and I take for grantedOur auto-wallas cannot use Cred, our security guards cannot use Zerodha. There are several examples you get the idea.

How can we enable them to get on such platforms

By reducing the cost of distribution. If we break down financial products such as loans, insurance and investments into their fundamental building blocks, and offer them as APIs to businesses, they then package these APIs into highly custom apps, tailor-made for their specific customers, instead of a generic one-size-for-all approach that is the norm today.

This also enables them to go live with a fintech product or service in a matter of days, not months.

We believe that fintech will be a core part of every company s offering. And at Setu, we re building the

fintech infrastructure that will accelerate this.

More about Setu

Setu is an acquired entity of Pine Labs, one of the fastest growing fintech companies in India and rapidly expanding its footprint in Asia, UAE, and the US. At Pine Labs, we re looking for those who share our core belief Every Day is Game Day . We bring our best selves to work each day to realise our mission of enriching the world through the power of digital commerce and financial services. Know more about Pine Labs here.

We are seeking a dedicated and skilled Associate Audit and Infosec. At Setu, we believe that every company can become a fintech company.

Financial services is a highly regulated sector, which means our mission of being a bridge between regulated financial institutions (who we refer to as asset partners) and fast-growing technology companies (who we refer to as developers) comes with a significant set of responsibilities, including in the areas of audit and compliance. We aim to make the

infrastructure of our asset partners easily available to third-party developers, so they can easily build innovative new financial products and services.

As a result, our asset partners (including some of India s largest private and public sector banks) have very high expectations when it comes to a partner like us, who have direct access to their technical infrastructure. This includes vendor audits and certifications at the start of a relationship, as well as continuing audits that happen on a set schedule. Any breach or compromise of our systems would cause serious business, reputational, and legal repercussions. All of this means that we take audits extremely seriously. At present, we have an ISO 27001 certification, and are compliant with the data localisation requirements, and intend to build on this base to complete more relevant certifications.

Your role will require you to work with the Audit & Compliance Team, and, along with them, be the guardian of Setu s reputation as a dependable and responsible player in the eyes of our asset partners and regulators. You will help manage this while making sure the compliance requirements are not being a deterrent for the other teams in the organisation.

This role reports to the Audit & Compliance Head, and your key objective will be to ensure that Setu s technical systems are secure from malicious actors and that we achieve and maintain the gold standard in audit and preparedness. You ll spend your time working on the below

In this role, you ll spend your time

• Implement, maintain, and improve a best-in-class information security, risk & compliance management framework.

• This will cover Setu at both the company and individual product level - spanning across internal infrastructure and customer-facing elements.

• Help in managing and improving Setu s security, compliance, assessment, and penetration testing programs.

• Establish, in consultation with management, the level of risk Setu is willing to take in the normal course of business and ensure these are not breached.

• Work with your colleagues in Engineering, Customer Success, and elsewhere to improve security compliance and reduce risks.

• Review and update security policies and standards regularly to keep pace with new threats and changing industry practices based on security and compliance requirements.

• Monitor internal and external security advisories that impact security, risk, and compliance requirements.

• Plan, prepare for, and conduct process led internal, external, and vendor audits.
  

• Work with our partners (including asset partners) to efficiently complete vendor audits and other external audits required for a partnership to go live.

• Ensure that Setu achieves and maintains relevant certifications such as ISO 27001:2022, SOC2 Type 2, Data localisation and other relevant certifications, and proactively recommend and plan for new certifications/ audits that will be helpful for Setu from a business and technical perspective.

• Coordinate regular internal system and network audits, reviews, and tests to verify compliance with security policies and standards.

To excel in this role you will need

• You ve done this before: Minimum 2-4 years of prior experience in managing all aspects of audit and compliance outlined above, at a fintech or a regulated financial institution. You should have specific experience with frameworks and audits such as ISO 27001:2022, SOC, ReBIT, SOX and PCI DSS, and have completed bank/financial institution vendor and technical audits in the past.

• You are both patient and detail-oriented: Errors lead to rework, which can lead to a loss of time, effort, and capital. You will be the last line of defence. Once the audit and compliance team approves something, that means it s bulletproof. At the same time, we work with large financial institutions that may have legacy infrastructure and a lot of bureaucracy. You will have to be patient in dealing with stakeholders, and smart in how you manage timelines and expectations.

• Process is your religion: You live and breathe processes. You re the type of person who enjoys thinking of and implementing processes that can streamline complex and intricate handovers.

• You understand how to bring accountability into your processes: Checklists, TATs, and sanity checks. You are obsessed with creating accountability in your processes. Any exception, no matter how small, must be dealt with systematically.

• You know the tools of the trade: You are well versed in the prevalent tools that are used in this domain.

• You value intelligent automation: Since throwing bodies at the problem is not an option.

We will spare no efforts to ensure that Setu empowers you to do the most important and impactful work of your career

• Opportunity to work closely with the founding team who built and scaled public infrastructure such as UPI, GST, Aadhaar, etc.

• We care deeply about your growth. So we work hard to provide you with

• A fully stocked library and unlimited book budget.

• Tickets to conferences and industry events.
  

• Learning sessions where we invite both team members and external experts to teach you something new.

• Learning and development allowance that gives access to subscriptions, courses, certifications, music classes, and much more. Grow, learn, and improve with Setu!

• Kick-ass benefits including comprehensive health insurance for you and your family,

personal accident and term life insurance, access to mental health counsellors, extraordinary coffee, and a beautiful office with lots of solid wood and natural light.

• We work hard to make sure our team is diverse and varied. We interview and hire purely on merit, skill, and competence everything else is irrelevant.

Our culture code How We Move, defines the behaviours we expect from our people. When you display any of the six culture code elements, you demonstrate Every Day is Game Day . The six elements of our culture code

• Take the shot: You decide fast and deliver right.

• Sign your work like an artist: You master what you do and take pride in it.

• Be the sherpa: You lead your crew on every expedition.

• Be the CEO of what you do: You own it and make things happen.

• Care with tough love: You empower others with trust, respect, and openness.

• Own tomorrow: You innovate for the customer and beyond.

Join us if you want to be part of a company that s building infrastructure that will directly impact financial inclusion and improve millions of lives. No cashbacks, no growth-hacks, no gimmicks. Just an audacious mission, and an obsession with craftsmanship in code.