About AndPayments
AndPayments is building the next-generation payments stack for Indian businesses, and for businesses globally that need India-grade payments infrastructure. We operate across Payments, RegTech, B2B SaaS and Prepaid Instruments. These are not separate bets. They are a deliberate stack: compliance infrastructure that enables payment products that enable financial instruments, all built together rather than bolted together.
We move fast because we have to. We care deeply about compliance because we build on regulated infrastructure, and because we believe compliance done right is a competitive moat, not just a cost of doing business. We use AI as a primary operating layer, not as a productivity add-on. If you want to spend the next few years building something that will define how Indian businesses transact, and eventually how businesses transact globally, this is where you should be.
About the role
We are looking for an independent, integrity-driven Manager – Internal Compliance & Audit to build and run the internal audit and compliance testing function for our RBI-regulated fintech business. As a licensed Payment Aggregator (PA) and Prepaid Payment Instruments (PPI) operator, we are required to maintain robust internal controls and demonstrate to the RBI that our compliance framework is not only designed well but is actually operating effectively. You will be responsible for designing the internal audit programme, executing compliance reviews, and providing objective assurance to senior management and the Board.
What you'll do
Internal Audit Programme
- Design and own the annual Internal Audit Plan—risk-based and aligned with RBI requirements, covering payment operations, merchant onboarding, escrow management, KYC/AML, IT systems, and vendor management.
- Execute end-to-end internal audits: scoping, fieldwork, evidence collection, control testing, finding documentation, and management response tracking.
- Produce clear, evidence-backed audit reports with actionable recommendations; present findings to senior management and the Audit Committee.
- Track audit findings through to remediation; conduct follow-up reviews to verify that agreed management actions have been implemented effectively.
Compliance Testing & Monitoring
- Design and execute a compliance testing programme to verify that the organisation's policies, procedures, and controls are operating in line with RBI, NPCI, and internal policy requirements.
- Conduct thematic compliance reviews—KYC/AML process testing, settlement timeline compliance, grievance redressal TAT adherence, data handling controls, and merchant onboarding quality.
- Maintain a compliance deficiency log; track deficiencies, root causes, and remediation plans to closure.
Regulatory Examination Support
- Lead preparation for RBI onsite and offsite inspections—coordinating documentation requests, managing examiner interactions, and ensuring the organisation presents a complete and accurate picture of its compliance posture.
- Maintain an examination readiness tracker; ensure all regulatory returns, policy documents, and operational evidence are current and accessible.
- Coordinate with the Regulatory Compliance team on post-examination action plans and commitment fulfilment.
IS Audit & PCI-DSS
- Coordinate and support the annual IS (Information Systems) Audit as required by RBI; manage the external IS auditor relationship and ensure findings are addressed promptly.
- Track PCI-DSS compliance status; coordinate with the Technology team for scoping, gap remediation, and QSA assessment.
Governance & Reporting
- Prepare quarterly internal audit and compliance testing summaries for the Board Audit Committee.
- Maintain an audit universe and ensure coverage of all key risk areas on a rolling basis.
- Benchmark internal control frameworks against industry standards (ISO 27001, SOC 2, COSO) and identify improvement opportunities.
What we're looking for
- CA, CS, LLB, or Master's degree in Finance/Commerce; CIA (Certified Internal Auditor) or CISA certification is strongly preferred.
- 5–8 years of experience in internal audit, compliance testing, or external audit with a focus on fintech, payments, or financial services.
- Strong knowledge of RBI PA/PPI compliance requirements, KYC/AML norms, and PMLA obligations from an audit perspective.
- Hands-on experience designing and executing risk-based audit programmes and control testing frameworks.
- Experience supporting RBI inspections or statutory/IS audits; familiarity with examiner expectations and audit evidence standards.
- Excellent report writing skills—ability to produce concise, evidence-supported audit reports for senior and Board audiences.
- High personal integrity, independence of judgment, and the professional confidence to raise findings with senior management.
Nice to have
- CIA (Certified Internal Auditor) or CISA (Certified Information Systems Auditor) qualification.
- Prior experience managing PCI-DSS QSA assessments or IS audits for a payment company.
- Familiarity with data analytics tools for audit (ACL, IDEA, Python-based sampling, or SQL).
- Experience working with the Audit Committee of a Board in a regulated financial services entity.