Odist Magazine
Website: razorpay.com
Job details:
Key Responsibilities:
A. Privacy Programme Management & Regulatory Operations
- Own the operationalisation of DPDP Act 2023 and GDPR requirements across Razorpay products, systems, and vendor stack — in coordination with the Head
- Manage and continuously improve the Record of Processing Activities (RoPA), consent framework, data subject rights workflows, and data classification register
- Lead execution of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) — with increasing automation over time
- Oversee cross-border data transfer compliance: SCCs, adequacy decisions, and DPDP cross-border transfer rules
- Coordinate with the Head for regulatory audits (RBI/SEBI), data privacy reviews, and incident reporting timelines
- Enforce consent, purpose limitation, data minimisation, and retention policies in live production systems
B. Technical Privacy Posture & Assessment Delivery
- Lead and conduct infrastructure privacy reviews of cloud environments (AWS/GCP/Azure) — access controls, encryption, data residency, audit logging
- Drive vendor and SaaS tool assessments beyond standard questionnaires — review actual data flows, API integrations, and technical configurations
- Own the technical quality of privacy assessments produced by the team — review, calibrate, and ensure regulatory alignment
- Monitor control effectiveness across production systems; identify gaps and partner with engineering to define remediation
- Build and maintain the team's assessment methodology, templates, and scoring frameworks
C. AI Systems Privacy & Governance (LLM-Focused)
- Own Razorpay's AI tool onboarding and privacy review process — from intake to sign-off
- Lead privacy assessments of LLM-powered tools, internal AI agents, and third-party AI integrations, with focus on data input, storage, retention, and cross-border sharing
- Build and maintain the AI privacy onboarding framework: checklists, risk registers, approval workflows, and exception management
- Define and document AI-specific privacy risks: prompt data leakage, model memory, third-party AI provider data usage, and agentic system data access
- Embed Privacy-by-Design into AI product lifecycles — engaging product and engineering teams from ideation through to inference
- Track third-party AI provider privacy policies (OpenAI, Anthropic, Google, etc.) and maintain a current compliance alignment register
D. Compliance Automation & AI-Powered Privacy Operations
- Design, build, and maintain AI-assisted compliance workflows — DPIA generation, evidence collection, control testing, and risk flagging
- Create and maintain compliance dashboards that give engineering, product, and leadership real-time visibility into privacy posture
- Develop standardised playbooks, checklists, and templates that enable product teams to self-serve privacy reviews with confidence
- Evaluate and validate the accuracy and regulatory alignment of AI-generated compliance outputs before they are accepted as formal evidence
- Continuously improve the team's tooling stack — GRC platforms, privacy management tools, AI assistants — for maximum operational leverage
E. Team Leadership & Stakeholder Management
- Directly manage, mentor, and develop the Lead Compliance Engineer — Privacy; set clear goals, unblock work, and drive their professional growth
- Act as the primary point of contact for engineering, product, legal, and business teams on day-to-day privacy matters
- Translate privacy requirements and risk findings into actionable, prioritised guidance for technical and non-technical stakeholders
- Support the Head with board-level and leadership reporting — prepare data, evidence packages, and risk summaries
- Maintain the privacy incident register, manage incident response timelines, and ensure regulatory reporting deadlines are met
- Drive a culture of privacy-as-enabler within the organisation — position compliance as a feature, not a gate
Skills Required:
- 6–8 total years in privacy, compliance, or security — with at least 2 years in a hands-on technical capacity
- Has operationalised both frameworks (DPDP Act 2023 and GDPR) in production — not just mapped policies. Can identify gaps without being prompted.
- Can assess LLM data handling, prompt pipelines, model memory, RAG architectures, and third-party AI provider risks.
- Can assess cloud infra, APIs, and SaaS integrations for privacy risk — going beyond questionnaires to actual technical evidence.
- Has designed or significantly improved automated compliance workflows using AI tools, scripting, or GRC platforms.
- Has managed IC-level compliance or security professionals; can communicate privacy risk clearly to both engineers and executives.
- Working knowledge of FinTech-specific data obligations applicable to a payment aggregator context
- Understands data flow design, pseudonymisation, tokenization, encryption-at-rest and in transit, and SDLC privacy gates.
- Can read AWS/GCP/Azure architecture diagrams to identify data egress risks, misconfigured IAM, and storage issues.
- Developing familiarity with AI fairness, explainability, consent, and auditability frameworks for regulated contexts