All roles
Compliance

Manager – Enterprise Risk Management (ERM)

NoidaFull-TimeOnsite

About AndPayments

AndPayments is building the next-generation payments stack for Indian businesses, and for businesses globally that need India-grade payments infrastructure. We operate across Payments, RegTech, B2B SaaS and Prepaid Instruments. These are not separate bets. They are a deliberate stack: compliance infrastructure that enables payment products that enable financial instruments, all built together rather than bolted together.

We move fast because we have to. We care deeply about compliance because we build on regulated infrastructure, and because we believe compliance done right is a competitive moat, not just a cost of doing business. We use AI as a primary operating layer, not as a productivity add-on. If you want to spend the next few years building something that will define how Indian businesses transact, and eventually how businesses transact globally, this is where you should be.

About the role

We are looking for a rigorous and forward-looking Manager – Enterprise Risk Management (ERM) to build and operationalise the risk management framework for our RBI-regulated fintech business. As a licensed Payment Aggregator (PA) and Prepaid Payment Instruments (PPI) operator, we are required to maintain robust risk governance structures across financial, operational, technology, and compliance risk dimensions. You will own the ERM lifecycle—from risk identification and assessment to treatment, monitoring, and Board reporting—ensuring that risk management is embedded in how we make decisions and operate at scale.

What you'll do

ERM Framework & Risk Governance

  • Design, implement, and continuously improve the Enterprise Risk Management framework—encompassing risk appetite statement, risk categories, assessment methodology, and treatment protocols.
  • Maintain the organisational risk register, ensuring risks are identified, assessed, owned, and tracked to resolution across all functions.
  • Facilitate periodic enterprise risk assessments with functional heads; challenge risk owners to provide realistic assessments and credible mitigation plans.
  • Prepare risk reports and dashboards for senior management and the Board Risk Committee, including Key Risk Indicators (KRIs) and emerging risk flags.

Operational & Technology Risk

  • Assess and monitor operational risks across payment processing, merchant operations, escrow management, and customer support—including process failures, vendor dependencies, and single points of failure.
  • Own the Business Continuity Plan (BCP) and Disaster Recovery (DR) programme; ensure plans are tested, updated, and aligned with RBI requirements for critical payment infrastructure.
  • Work with the Technology team to assess IT and cybersecurity risks, including third-party/vendor risk assessments and cloud risk considerations.

Financial & Credit Risk

  • Monitor financial risks including merchant credit risk, settlement exposure, liquidity risk in escrow operations, and concentration risk in the merchant portfolio.
  • Define and maintain merchant risk scoring models, settlement hold policies, and rolling reserve frameworks in coordination with the Merchant Operations and Finance teams.
  • Track and report financial risk indicators—chargeback rates, merchant insolvency risks, and high-value settlement exposures.

Compliance & Regulatory Risk

  • Maintain a regulatory risk register mapping RBI/NPCI requirements to internal controls; flag gaps and track remediation.
  • Coordinate with the Regulatory Compliance Manager to ensure risk assessments support the compliance policy framework and licence condition monitoring.
  • Support preparation for RBI risk-based supervision assessments and internal risk audits.

Risk Culture & Training

  • Champion a risk-aware culture across the organisation through training, communication, and embedding risk thinking in key business processes.
  • Define and maintain a risk incident reporting framework—ensuring near-misses, operational failures, and control breaches are reported, investigated, and learned from.

What we're looking for

  • Bachelor's or Master's degree in Finance, Economics, Business Administration, or a related field; FRM, CFA, CA, or PRM certification is strongly preferred.
  • 6–9 years of experience in enterprise risk management, operational risk, or financial risk at a payment company, bank, NBFC, or financial services firm.
  • Understanding of RBI's risk management guidelines for payment system operators, including BCP/DR requirements and operational risk frameworks.
  • Experience building or managing risk registers, risk appetite frameworks, and Board-level risk reporting.
  • Strong quantitative and analytical skills for risk modelling, KRI design, and scenario analysis.
  • Ability to engage credibly with senior leadership and the Board on risk topics.
  • Knowledge of ISO 31000, COSO ERM, or equivalent risk management frameworks.

Nice to have

  • Prior experience implementing ERM at a PA, PPI, or other RBI-regulated entity.
  • Familiarity with cyber risk frameworks (NIST, ISO 27001) and how they integrate with enterprise risk management.
  • Exposure to Basel risk management concepts as applied in a non-banking financial context.
  • Experience with GRC platforms (e.g. MetricStream, Riskonnect, LogicGate, or similar).
Apply