Technical Lead - Infosec
IDfy
IT
Mumbai, Maharashtra, India
Posted on Apr 25, 2026
We're hiring a GRC & Privacy Lead to own our compliance roadmap end-to-end, partner closely with engineering on cloud and application security, and be the face of security to our customers, auditors, and regulators. You'll build and mentor the GRC & Privacy team as the function scales.
We are the perfect match if you have…
- 10+ years in Information Security, with a strong focus on Governance, Risk, Compliance, Data Privacy, and Cloud Security.
- Deep, working knowledge of ISO 27001:2022, SOC 2 Type II, ISO 42001, ISO/IEC 27701, India's DPDPA, RBI regulations (e.g., V-CIP, outsourcing guidelines), and sector-specific requirements like SAR reporting and data localization.
- A solid understanding of cloud security — including the ability to contribute to cloud architecture reviews and offer security design recommendations across multi-cloud environments (AWS, GCP).
- Working fluency in application security, SIEM/SOC, VAPT, security & privacy by design, leveraging AI for security — enough to be a credible partner to Engineering.
- Strong privacy program exposure — DPIAs, consent management, data subject rights handling, breach notification, and privacy-by-design.
- Genuine comfort with client-facing security conversations — articulating controls, handling auditor scrutiny, and building trust with BFSI, fintech, and enterprise customers.
- Confidence reviewing MSAs, DPAs, RFPs, TPRM and DPIA assessments, and AI questionnaires, and aligning contractual obligations with internal security practices.
- The judgment to balance compliance rigor with business agility, and the ability to translate complex regulatory requirements into practical, actionable controls.
- A collaborative, cross-functional style, and experience building and mentoring a team.
Here's what your day would look like -
Lead GRC & own the compliance roadmap -
- Own our compliance roadmap across ISO 27001:2022, SOC 2 Type II, ISO 42001, ISO/IEC 27701, and DPDPA.
- Interpret new regulations and advisories — RBI circulars, BFSI-sector guidance, data localization, SAR/CERT-In requirements — and drive timely program updates.
- Run internal risk assessments, policy governance, incident response readiness, BCP/DR governance, and the TPRM program end-to-end.
- Maintain an audit-ready posture year-round; lead external/client audits, internal audits, and regulatory assessments.
Build client trust -
- Represent security in customer calls, audits, assessments, and RFPs — articulating our controls and compliance stance clearly to some of the most scrutinising buyers in BFSI and enterprise.
- Review and negotiate security and privacy clauses in client MSAs, DPAs, and vendor agreements, and respond to client TPRM & Security questionnaires.
Partner with engineering on cloud & application security -
- Provide governance oversight across cloud security posture, application security (SAST/DAST/SCA), VAPT, SIEM/SOC operations, and the use of AI for security.
- Contribute to architecture reviews and offer security design recommendations across our multi-cloud footprint.
- Champion cloud security, shift-left, secure-by-default, and privacy-by-design with Engineering and DevSecOps - making security the path of least resistance.
Lead the team & the conversation -
- Build, mentor, and grow the GRC & Privacy team.
- Regularly brief senior leadership and business units on compliance posture, top risks, and mitigation plans.
- Champion a culture where compliance enables business agility — not slows it down.