Stashfin
Website:
stashfin.com
Job details:
Experience : 4 to 6 years
Location : Gurgaon, India
Role Overview
We are looking for an Operational Risk professional who can drive ORM frameworks and lead implementation of India's Digital Personal Data Protection requirements.
The role will work closely with Risk, Legal, Tech, and Product teams to ensure robust risk governance, data privacy compliance, and control effectiveness.
Key Responsibilities
Operational Risk Management (ORM) :
- Develop and maintain RCSA framework, risk registers, and control libraries
- Define and monitor KRIs/KPIs across underwriting, collections, technology, and vendor risk
- Conduct risk assessments, control testing, and gap analysis
- Track incident management (fraud, tech failures, process breaches) and drive root-cause closure
- Support Board / Risk Committee reporting and governance
Data Privacy & DPDP Implementation
- Lead implementation of the Digital Personal Data Protection (DPDP) Act across business functions
- Design and operationalize :
- Data inventory & data flow mapping
- Consent management framework
- Data retention & deletion policies
- Work with Legal/Tech to ensure privacy-by-design in systems and processes
- Manage data subject rights (access, correction, erasure) workflows
- Conduct privacy risk assessments and audits
Policy & Governance
- Draft and update :
- ORM policy
- Data privacy policy
- Vendor / outsourcing risk frameworks
- Ensure alignment with regulatory expectations (RBI, data protection norms)
- Drive policy adherence and exception management
Cross-Functional Collaboration
- Work with :
- Tech (data pipelines, access control)
- Product (customer journey compliance)
- Legal (regulatory interpretation)
- Support regulatory audits and inspections
Key Skills & Qualifications
Must Have :
- 4 to 5 years experience in :
- Operational Risk / Risk Analytics / Compliance
- Preferably in NBFC / fintech / banking
- Strong understanding of :
- ORM frameworks (RCSA, KRIs, incident management)
- Data privacy principles & DPDP requirements
- Experience in policy drafting and control frameworks
Good To Have
- Exposure to :
- Digital lending ecosystem
- Data governance / data lineage tools
- Risk analytics / SQL / Python
- Experience with regulatory audits (RBI, internal audit)
Key Competencies
- Structured problem-solving
- Strong stakeholder management
- Attention to detail (critical for compliance roles)
- Ability to translate regulation → practical implementation
Success Metrics (KRAs)
- Timely completion of RCSA & KRI monitoring
- Successful DPDP implementation across systems & processes
- Reduction in operational incidents / control gaps
- Zero major audit / regulatory observations
- Strong data governance and privacy compliance posture
Why Join Us
- Opportunity to build end-to-end ORM + data privacy framework
- Work at intersection of risk, technology, and regulation
- High visibility role with leadership exposure
(ref:hirist.tech)