Data Compliance and Security Lead

IDfy is Asia’s leading TrustStack, trusted by the best, with global expertise and enterprise-grade tech, we’re solving trust challenges, making compliance easy, fraud detection smarter, and onboarding seamless.Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry.IDfy’s three platforms- OnboardIQ, OneRisk, and Privy - come together to form one seamless solution enabling trust.Onboard IQAn onboarding platform that accelerates growth with frictionless omni-channel onboarding, while mitigating fraud and improving quality of account.OneRiskA fraud and risk management platform to mitigate financial, legal, and reputational risks and avoid losses with proactive fraud prevention. It covers individual risk, entity risk, and asset risk.PrivyA privacy and data governance platform to ensure DPDPA compliance through trust and privacy governance suite and avoid monetary and reputational loss.We are the perfect match if you...- Have 10+ years of experience in Information Security, with a strong focus on Governance, Risk, Compliance, and Data Privacy. - Are well-versed with frameworks and regulations such as ISO 27001:2022, SOC 2 Type II, India's DPDPA, RBI regulations (e.g. V-CIP), and sector-specific compliance requirements like SAR and data localization. - Enjoy building trust with customers by clearly articulating security controls, data handling practices, and participating in customer audits. - Are confident reviewing client MSAs, handling TPRM requests, and aligning contractual obligations with internal security practices. - Have a solid understanding of cloud security fundamentals and how compliance controls are mapped in cloud environments. - Know how to balance compliance needs with business agility, and can translate complex regulatory requirements into practical, actionable controls. - Thrive in cross-functional environments, working closely with internal teams (Legal, Product, Engineering, etc.) to get things done.-Here’s what your day would look like...- Lead the GRC function and own our compliance roadmap (ISO, SOC 2, etc.). - Interpret new regulations (e.g. DPDPA, RBI advisories) and drive necessary security and privacy program updates. - Represent security in customer calls, audits, and RFPs helping build client trust and confidence. - Own internal risk assessments, policy governance, and third-party risk management workflows. - Review and negotiate security-related clauses in customer contracts and vendor agreements. - Work with internal teams to ensure controls are implemented, monitored, and improved over time. - Collaborate with engineering, cloud, and DevSecOps teams to ensure security solutions align with compliance goals. - Regularly update senior leadership and business units on compliance posture, risks, and mitigation plans.Technical Skills- Deep understanding of security frameworks: ISO 27001:2022, SOC 2 Type II, DPDPA, SAR, RBI circulars (esp. for financial services), and data localization norms. - Familiarity with privacy impact assessments, DPIAs, and data retention practices. - Hands-on experience with internal audits, policy development, and third-party risk management. - Understanding of modern cloud architectures and associated compliance controls (GCP, AWS, Azure). - Exposure to security tools (SIEM, DLP, WAF2, GRC platforms, etc.) and how they support audit/compliance needs. - Ability to interpret MSA/contractual security clauses and align them with internal controls.-Soft Skills- Strong communication skills able to simplify complex security and compliance topics for non-technical stakeholders. - Confident in customer-facing discussions and audits; builds trust through clear and honest dialogue. - Comfortable working cross-functionally and influencing without authority. - Detail-oriented, organized, and able to manage multiple priorities in a fast-paced environment. - Collaborative mindset with a bias toward problem-solving and execution.