Lead Compliance Engineer

The Role

As the Lead Compliance Engineer (Privacy Specialist), you will be at the forefront of our privacy compliance efforts. Your responsibilities will include conducting privacy impact assessments, advising on data handling practices, and leading audits to ensure adherence to DPDPA, GDPR, and other relevant privacy frameworks. You will work closely with legal, product, engineering, and business teams to embed a "privacy-by-design" and "privacy-by-default" approach throughout the organization. You will also be responsible for creating and refining our privacy manual, policies and processes.

Key Responsibilities

Privacy & Data Protection Expertise:

- Global & Indian Privacy Frameworks: Demonstrate an exceptional level of expertise in DPDPA and GDPR. Apply your deep understanding of these regulations to assess, implement, and maintain a robust privacy program.
- Privacy by Design: Collaborate with product and engineering teams to integrate privacy requirements seamlessly into the software development lifecycle. Ensure that new products and features are designed with privacy in mind from the outset. Review the product designs for privacy compliance in line with DPDP/GDPR. Technical proficiency to map product, tech and privacy correlation and suggest the best way forward.
- Privacy Impact Assessments (PIAs): Lead and conduct PIAs and Data Protection Impact Assessments (DPIAs) for new projects, products, and data processing activities. Analyze potential privacy risks and recommend effective mitigation strategies.
- Audit and Compliance: Plan, execute, and report on internal and external privacy audits. Identify compliance gaps and deviations, and work with relevant teams to develop and manage remediation plans. Periodically assess the privacy best practices as mandated by regulators and evaluate the implementation of such practices in Razorpay. Work with Public Policy team and regulators to address the privacy requirements and incorporate the best practices within product, policies and operations. Periodically assess the privacy best practices as mandated by regulators and evaluate the implementation of such practices in Razorpay.
- Policy and Process Development: Create, define, and continuously improve privacy-related processes and procedures, including data subject request handling, consent management, and data retention policies.Draft and review Data Sharing Agreements with different parties.

Data Security & Privacy Technology:

- Data Security Controls: Possess a strong grasp of data security principles, including access controls, encryption, and incident response. Advise on, suggest, and implement technical controls such as Data Loss Prevention (DLP) solutions and data masking techniques to enhance data privacy and security.
- Security Controls: Evaluate existing technical and organizational security controls to identify potential vulnerabilities that could impact personal data. Recommend appropriate measures to enhance data protection.
- Hosted Platforms: Understand the privacy implications of using hosted platforms like AWS or Azure. Evaluate vendor platforms for compliance with data protection laws and recommend necessary controls.
- Privacy-Enhancing Technologies (PETs): Advise on and evaluate the use of privacy tools and technologies to automate and streamline privacy compliance. This includes solutions for data discovery, consent management, and data subject access requests (DSARs).

Candidate Requirements

- Education: Bachelor's degree in Computer Science, Information Security, Law, or a related field. An advanced certification such as CIPP/E, CIPP/A, CIPM, or CISSP is highly preferred.
- Experience: A minimum of 6-9 years of overall experience in a privacy, compliance, or information security role, with a strong focus on data protection.
- Expertise:
- Proven track record of working as a Privacy Specialist, Privacy Engineer, or a similar role.
- Expert-level knowledge and practical experience with DPDPA and GDPR.
- Strong understanding of other privacy and security frameworks. Experience in implementing privacy frameworks such as ISO 27701 and NIST Privacy Framework for a Fintech, is a plus.
- Familiarity with common privacy tools and platforms (e.g., OneTrust, BigID, TrustArc or similar tools) is essential.
- Technical & Soft Skills:
- Strong understanding of different types of audit reports and deviations encountered during assessments.
- Proven experience suggesting and implementing technical controls to enhance privacy, such as DLP and data masking, tokenization, etc.
- Familiarity with hosted platforms (AWS/Azure) and the security controls needed to protect data.
- Proven ability to quickly learn and adapt to new technologies and privacy regulations.
- Excellent written and verbal communication skills, with the ability to effectively communicate complex privacy concepts to a wide range of stakeholders.
- Strong analytical and problem-solving skills, with a keen eye for detail and a methodical approach to compliance.