Qureos

About the Job


Who we are and what we do


India has witnessed a journey of innovation in digital payments, and today it leads the world with over 45% of the global digital transaction volume. At NPST, we believe that our decade-long journey has carved an opportunity for building a future roadmap for the world to follow.

We are determined to contribute immensely to the nation’s growth story with our vision “to provide digital technology across financial value chain” and our mission to create a leadership position in the digital payment space.


Founded in 2013, NPST is a leading fintech firm in India, part of the Make in India initiative and listed on BSE and National Stock Exchange. We specialize in digital payments, operating as a Technology Service Provider to regulated entities and providing a payment platform to the industry – empowered by a payment processing engine, a financial super app, a risk intelligence engine and a digital merchant solution.


While we drive 3% of global digital transaction volume for 100+ clients, we aim to increase our market share by 5X in the next five years through innovation and industry-first initiatives.


What will you do


This role directly supports NPST’s vision of delivering secure, scalable, and trusted digital payment solutions by translating security governance and regulatory requirements into practical, technically embedded controls across platforms and engineering workflows.


Job Responsibilities:


Security Governance & Control Design

• Support the development, maintenance, and refinement of enterprise-wide information security policies, standards, and control objectives.

• Translate high-level policies into technically prescriptive, measurable, and auditable security controls.

• Align governance artifacts with RBI, NPCI, SEBI guidelines, and security frameworks such as ISO 27001, NIST, SOC 2, PCI DSS, and FedRAMP.

• Ensure policies and standards remain current, practical, and risk-aligned.

IT Risk Management

• Perform technical risk assessments across infrastructure, networks, applications, cloud platforms, and data.

• Identify control gaps, assess risk impact and likelihood, and recommend risk treatment options.

• Track remediation activities and monitor residual risk.

• Update risk assessments to reflect changes in systems, threats, and regulatory expectations.

Compliance & Regulatory Management

• Support compliance with RBI, NPCI, SEBI, and other applicable regulatory requirements.

• Conduct internal compliance assessments and readiness reviews for ISO 27001, PCI DSS, SOC 2, and NIST-aligned controls.

• Assist in updating security policies and standards based on regulatory or framework changes.

• Support education and awareness on compliance requirements across technical teams.

Internal & External Audit Support

• Act as a key contributor for internal audits, external audits, and regulatory inspections.

• Support audit walkthroughs, evidence collection, and responses to auditor queries.

• Perform pre-audit technical assurance reviews to identify gaps before formal audits.

• Track audit observations, support remediation plans, and monitor closure of findings.

Security Awareness & Enablement

• Support the design and execution of security awareness and policy education programs.

• Conduct training sessions, workshops, and phishing simulations as required.

• Measure effectiveness of awareness initiatives using metrics, assessments, and incident trends.

Metrics, KPI & Reporting

• Define and track KPIs and KRIs for governance, risk, compliance, and audit activities.

• Utilize GRC tools and dashboards to provide visibility into control implementation and effectiveness.

• Prepare concise security and risk reports for senior stakeholders.

• Use metrics and findings to drive continuous improvement.


What are we looking for:


• Strong experience in information security governance, risk, and compliance (GRC).

• In-depth knowledge of RBI & NPCI guidelines, ISO 27001, NIST, PCI DSS, and related standards.

• Ability to translate governance requirements into engineering-ready, technically actionable controls.

• Proven experience supporting internal and external audits in regulated environments.

• Strong written and verbal communication skills.

• Ability to engage effectively with engineering, audit, and business stakeholders.

• Detail-oriented, analytical, and well-organized.

• Proactive, ownership-driven mindset with a consultative approach.

• Collaborative team player with strong influencing skills.


Experience – 6 to 10 years

Certifications – CISM, ISO 27001 LA

Industry – IT/Software/BFSI/Banking/Fintech

Work arrangement – 5 days working from office

Location – Bangalore/Noida



What do we offer:

  • An organization where we strongly believe in one organization, one goal.
  • A fun workplace which compels us to challenge ourselves and aim higher.
  • A team that strongly believes in collaboration and celebrating success together.
  • Benefits that resonate ‘We Care’.

If this opportunity excites you, we invite you to apply and contribute to our success story. If your resume is shortlisted, you will hear back from us.
