Lead Compliance Engineer

Razorpay is one of Indias leading full-stack financial technology companies powering the way businesses move manage and grow money. Founded in 2014 by Harshil Mathur and Shashank Kumar with a simple vision to simplify payments for Indian businesses weve since grown into a fintech powerhouse driving Indias digital payment revolution.

Razorpay powers millions of businesses with a smarter scalable stack that goes beyond transactions to help them truly build and grow.

From seamless checkouts to payroll automation across India Singapore and Malaysia weve been engineering a fintech ecosystem thats redefining how money moves across Asia and were just getting started.

Today that ecosystem supports everyone from early-stage startups to some of Indias largest enterprises enabling them to accept process and disburse payments at scale while expanding into new ways of managing money more efficiently.

Our scale speaks volumes: Razorpay processes $180 billion in annualized transactions powering leading businesses like Airbnb Facebook WhatsApp Airtel CRED BookmyShow Zomato Swiggy Lenskart Mirae Asset Capital markets Indian Oil National Pension Scheme and over 100 of Indias unicorns. With strong roots in India and growing operations in Southeast Asia we are shaping the next chapter of financial technology across the region.

We are backed by global investors including GIC Peak XV Partners (formerly Sequoia Capital India & SEA) Tiger Global Ribbit Capital Matrix Partners MasterCard and Salesforce Ventures having raised over $740 million to date. Strategic acquisitions including Ezetap (POS and offline payments) Curlec (Malaysia expansion) BillMe (digital invoicing) and POP (rewards-first UPI) along with earlier moves in fraud prevention payroll and lending have further strengthened our platform and widened our footprint across Asia.

But what truly sets Razorpay apart is our culture. At Razorpay ownership is our oxygen you own what you build with no micromanagement or red tape just the runway to make your ideas fly. Learning is a lifestyle if youre curious youll feel at home here. People > Pedigree we hire for attitude hustle and hunger more than degrees. Transparency thrives over titles this is where interns question CXOs and CXOs say thank you. Guided by our values of Customer First Autonomy & Ownership Agility with Integrity Transparency Challenging the status quo and a strong belief that Razorpay grows with Razors youll be part of a 3000 strong team building not just products but the financial infrastructure of the future.

Lead Compliance Engineer (Privacy )

Data Protection & Compliance (DPDPA & GDPR Focused)

We are seeking a Lead Privacy Specialist with deep expertise in global and Indian data protection regulations specifically the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR). The ideal candidate will be a subject matter expert who can lead the development implementation and maintenance of our privacy program ensuring full compliance across all business functions. This role is crucial for managing our data handling practices and protecting the privacy of our users and stakeholders.

The Role

As the Lead Compliance Engineer (Privacy ) you will be at the forefront of our privacy compliance efforts. Your responsibilities will include conducting privacy impact assessments advising on data handling practices and leading audits to ensure adherence to DPDPA GDPR and other relevant privacy frameworks. You will work closely with legal product engineering and business teams to embed a privacy-by-design and privacy-by-default approach throughout the organization. You will also be responsible for creating and refining our privacy manual policies and processes.

Key Responsibilities

Privacy & Data Protection Expertise:

• Global & Indian Privacy Frameworks: Demonstrate an exceptional level of expertise in DPDPA and GDPR. Apply your deep understanding of these regulations to assess implement and maintain a robust privacy program.
• Privacy by Design: Collaborate with product and engineering teams to integrate privacy requirements seamlessly into the software development lifecycle. Ensure that new products and features are designed with privacy in mind from the outset. Review the product designs for privacy compliance in line with DPDP/GDPR. Technical proficiency to map product tech and privacy correlation and suggest the best way forward.
• Privacy Impact Assessments (PIAs): Lead and conduct PIAs and Data Protection Impact Assessments (DPIAs) for new projects products and data processing activities. Analyze potential privacy risks and recommend effective mitigation strategies.
• Audit and Compliance: Plan execute and report on internal and external privacy audits. Identify compliance gaps and deviations and work with relevant teams to develop and manage remediation plans. Periodically assess the privacy best practices as mandated by regulators and evaluate the implementation of such practices in Razorpay. Work with Public Policy team and regulators to address the privacy requirements and incorporate the best practices within product policies and operations. Periodically assess the privacy best practices as mandated by regulators and evaluate the implementation of such practices in Razorpay.
• Policy and Process Development: Create define and continuously improve privacy-related processes and procedures including data subject request handling consent management and data retention and review Data Sharing Agreements with different parties.

Data Security & Privacy Technology:

• Data Security Controls: Possess a strong grasp of data security principles including access controls encryption and incident response. Advise on suggest and implement technical controls such as Data Loss Prevention (DLP) solutions and data masking techniques to enhance data privacy and security.
• Security Controls: Evaluate existing technical and organizational security controls to identify potential vulnerabilities that could impact personal data. Recommend appropriate measures to enhance data protection.
• Hosted Platforms: Understand the privacy implications of using hosted platforms like AWS or Azure. Evaluate vendor platforms for compliance with data protection laws and recommend necessary controls.
• Privacy-Enhancing Technologies (PETs): Advise on and evaluate the use of privacy tools and technologies to automate and streamline privacy compliance. This includes solutions for data discovery consent management and data subject access requests (DSARs).

Candidate Requirements

• Education: Bachelors degree in Computer Science Information Security Law or a related field. An advanced certification such as CIPP/E CIPP/A CIPM or CISSP is highly preferred.
• Experience: A minimum of 7-9 years of overall experience in a privacy compliance or information security role with a strong focus on data protection.
• Expertise:
• Proven track record of working as a Privacy Specialist Privacy Engineer or a similar role.
• Expert-level knowledge and practical experience with DPDPA and GDPR.
• Strong understanding of other privacy and security frameworks. Experience in implementing privacy frameworks such as ISO 27701 and NIST Privacy Framework for a Fintech is a plus.
• Familiarity with common privacy tools and platforms (e.g. OneTrust BigID TrustArc or similar tools) is essential.
• Technical & Soft Skills:
• Strong understanding of different types of audit reports and deviations encountered during assessments.
• Proven experience suggesting and implementing technical controls to enhance privacy such as DLP and data masking tokenization etc.
• Familiarity with hosted platforms (AWS/Azure) and the security controls needed to protect data.
• Proven ability to quickly learn and adapt to new technologies and privacy regulations.
• Excellent written and verbal communication skills with the ability to effectively communicate complex privacy concepts to a wide range of stakeholders.
• Strong analytical and problem-solving skills with a keen eye for detail and a methodical approach to compliance.