SmartStream

Compliance and Risk Manager

Job Description

Description: Compliance & Risk Manager – Bangalore

SmartStream Technologies · Full-time · Bangalore, India

Reporting to the Global Head of Risk & Compliance, the Compliance & Risk Manager is responsible for maintaining, improving and updating the group's compliance and risk-management framework across SmartStream's managed services, SaaS and product delivery organisations. The role monitors regulatory and client compliance obligations, oversees control design and testing, and partners with business, technology and operations teams to identify, assess and mitigate risks. The Manager acts as a delegate of the Global Head of Risk & Compliance in his/her absence, representing the function in internal governance forums and with clients, regulators and external auditors.

Job Responsibilities

  • Maintain, continuously improve and update the enterprise compliance framework, control library, Enterprise Risk Register and supporting policies and procedures, in line with industry best practice.
  • Maintain a master control list with clearly written failure points, key controls and testing procedures that effectively address compliance, operational and technology risks.
  • Conduct periodic compliance and control assessments across business units, managed services and product delivery; document findings and drive remediation to closure.
  • Own SmartStream's attestation programme: undertake risk assessments, gap analysis and control mapping against regulatory and client obligations (DORA, SOC 1/2/3, ISO 27001, ISO 22301, C5, PCI-DSS, GDPR, ANZ/APAC regulations).
  • Maintain and improve governance dashboards and management reporting; maintain and improve governance cadence to drive closure of open findings, actions and incidents.
  • Prepare and present compliance and risk updates at executive and client governance forums.
  • Act as the primary interface between internal teams, internal audit, external auditors and clients; compile and prepare supporting artefacts and evidence.
  • Respond to customer RFPs, RFIs and due-diligence questionnaires on compliance, risk and control posture.
  • Conduct contract reviews for compliance, risk and regulatory obligations; partner with procurement on the third-party risk management programme.
  • Engage with broader operations and technology teams to identify process gaps and design controls to mitigate and monitor them.
  • Perform ad-hoc audit and risk projects in response to emerging risks, regulatory changes and management requests.
  • Deputise for the Global Head of Risk & Compliance in internal forums and client meetings as required.

Key Skills

  • Very strong knowledge of financial industry attestations, including at least 3 of the 5 SmartStream attestations: SOC 1/2/3, ISO 27001, ISO 22301, C5, PCI-DSS, plus DORA, GDPR, and ANZ/APAC regulations.
  • Very strong background in compliance audit, control design, gap and risk assessment, and mitigation planning.
  • Deep experience of operating a GRC framework and control-testing cycle in a regulated financial-services or fintech environment.
  • Excellent stakeholder engagement with proven ability to communicate effectively at all levels, including executive and client forums.
  • Strong written and verbal communication; able to produce executive-quality compliance and risk decks.
  • Advanced MS Excel (pivots, lookups, large data sets) and strong PowerPoint skills for governance reporting.
  • Analytical with solid problem-solving skills; able to identify hot spots, assess impact and propose tactical and strategic controls.
  • Ability to multi-task, prioritise and deliver in a rapidly changing environment with tight deadlines.
  • Client focus, priority setting, integrity and trust; self-starter with a strong sense of accountability.
  • Experience working with, or acting as delegate for, a senior risk/compliance leader.

Technical competencies

  • Cyber risk concepts: inherent vs residual risk, risk appetite, control effectiveness, treatment options.
  • Control frameworks: ISO 27001 Annex A, NIST CSF/800-53 concepts, CIS Controls mapping.
  • Control testing: design vs operating effectiveness, sampling, evidence quality, issue grading.
  • Core domains familiarity: IAM, network, endpoint, logging/SIEM, vulnerability management, backup/DR, change management.
  • Third-party assurance: due diligence questionnaires, interpreting SOC 2 Type II and certifications, contract security requirements.
  • Metrics & reporting: control maturity scoring, audit issue aging, risk heatmaps, KRIs/KPIs.
  • Documentation discipline: policies, standards, procedures, exception registers, audit trails.

Desired Skills

  • Compliance certification from a reputed organisation or university (e.g., CAMS, ICA, CCEP).
  • Risk/audit certifications such as CISA, CRISC, CIA or CISM.
  • Prior experience in post-trade, payments, capital markets, treasury or fund-services fintech.
  • Agile / project-management experience.
  • Flexibility to work global hours with limited in-country travel.

Experience

  • 10+ years of total experience with a focus on compliance, risk assessment, controls and audit in financial services, fintech or a regulated BPM environment.
  • Proven track record of designing and operating compliance frameworks and control libraries.
  • 3+ years leading a compliance/risk workstream, squad or small team.
  • Hands-on experience in compliance assessments, internal audits, client due-diligence and regulatory reporting.
  • Experience partnering with technology, operations and product teams to embed controls into business processes.
  • Knowledge of IT general controls, SDLC and third-party risk management is an advantage.

Qualifications

  • Minimum 15 years of regular, full-time education (10 + 2 + 3).
  • Graduate or post-graduate in Engineering or Finance (BE, B.Tech, M.Tech, MBA Finance and Systems).
  • CISA, CISM, CISSP qualification is preferred.
  • Compliance or risk certification from a reputed organisation or university is preferred.

Other Requirements

  • Flexibility to work global hours aligned to UK, EU, US and ANZ client operating windows, with limited international travel.
  • Positive attitude, professional demeanour and ability to uphold the independence of the compliance and risk function.

Job ID: 147517831
