Security Lead

Role:
Data Compliance and Security Lead

Experience: 10-15 years

Salary: Confidential (based on experience)

Opportunity Type: Office (Mumbai)

Placement Type: Full time Permanent Position

(*Note: This is a requirement for one of Uplers Clients)

About the Role:

Our client is Asias leading TrustStack, trusted by the best, with global expertise and enterprise-grade tech, were solving trust challenges, making compliance easy, fraud detection smarter, and onboarding seamless.

The three platforms- OnboardIQ, OneRisk, and Privy - come together to form one seamless solution enabling trust.

1. OnboardIQ is an onboarding platform that accelerates growth with frictionless omni-channel onboarding, while mitigating fraud and improving quality of account.

2. OneRisk is a fraud and risk management platform to mitigate financial, legal, and reputational risks and avoid losses with proactive fraud prevention. It covers individual risk, entity risk, and asset risk.

3. Privy is a privacy and data governance platform to ensure DPDPA compliance through trust and privacy governance suite and avoid monetary and reputational loss.

We are the perfect match if you

• Have 10+ years of experience in Information Security, with a strong focus on Governance, Risk, Compliance, and Data Privacy.
• Are well-versed with frameworks and regulations such as ISO 27001:2022, SOC 2 Type II, India's DPDPA, RBI regulations (e.g. V-CIP), and sector-specific compliance requirements like SAR and data localization.
• Enjoy building trust with customers by clearly articulating security controls, data handling practices, and participating in customer audits.
• Are confident reviewing client MSAs, handling TPRM requests, and aligning contractual obligations with internal security practices.
• Have a solid understanding of cloud security fundamentals and how compliance controls are mapped in cloud environments.
• Know how to balance compliance needs with business agility, and can translate complex regulatory requirements into practical, actionable controls.
• Thrive in cross-functional environments, working closely with internal teams (Legal, Product, Engineering, etc.) to get things done.

Heres what your day would look like

• Lead the GRC function and own our compliance roadmap (ISO, SOC 2, etc.).
• Interpret new regulations (e.g. DPDPA, RBI advisories) and drive necessary security and privacy program updates.
• Represent security in customer calls, audits, and RFPs helping build client trust and confidence.
• Own internal risk assessments, policy governance, and third-party risk management workflows.
• Review and negotiate security-related clauses in customer contracts and vendor agreements.
• Work with internal teams to ensure controls are implemented, monitored, and improved over time.
• Collaborate with engineering, cloud, and DevSecOps teams to ensure security solutions align with compliance goals.
• Regularly update senior leadership and business units on compliance posture, risks, and mitigation plans.

Technical Skills

• Deep understanding of security frameworks: ISO 27001:2022, SOC 2 Type II, DPDPA, SAR, RBI circulars (esp. for financial services), and data localization norms.
• Familiarity with privacy impact assessments, DPIAs, and data retention practices.
• Hands-on experience with internal audits, policy development, and third-party risk management.
• Understanding of modern cloud architectures and associated compliance controls (GCP, AWS, Azure).
• Exposure to security tools (SIEM, DLP, WAF2, GRC platforms, etc.) and how they support audit/compliance needs.
• Ability to interpret MSA/contractual security clauses and align them with internal controls.