About the Team
Meesho's Security & Compliance team safeguards a platform that 5% of Indian households shop with - millions of orders, billions of data points, zero downtime as a baseline. We own the Information Security Management System, drive every external certification, and shape how Meesho earns trust with sellers, buyers, partners and regulators. We move fast, default to automation, and obsess over evidence.
About the Role
This is a hands-on individual contributor role for someone who wants to drive - not just oversee - a multi-framework compliance program. You'll be the DRI for ISO 27001:2022 and SOC 2 Type II, run end-to-end ITGC and TPRM cycles, and help operationalise India's DPDP Rules 2025 across a product organisation that processes data at meaningful scale. You'll work directly with Engineering, IT, Legal, Product, and external auditors.
Certifications & external audits
Own the certification and surveillance cycle for ISO 27001:2022 and SOC 2 Type II, and act as the single point of contact for external auditors.
Plan and execute readiness assessments, gap closure, evidence collection, control walkthroughs, and management responses.
Maintain audit calendars, evidence repositories, and bridge letters between audit windows.
Drive PCI DSS v4.0.1 scope-reduction and assessment activities for in-scope environments.
ISMS, policies & frameworks
Maintain Meesho's ISMS aligned to ISO 27001:2022 - all 93 Annex A controls mapped across Organizational, People, Physical and Technological themes, with named owners and live evidence.
Author, review, version-control and socialise security policies, standards, and procedures.
Map controls across frameworks: ISO 27001:2022, SOC 2 TSC, PCI DSS v4.0.1, NIST CSF 2.0, CIS Controls v8, DPDP.
ITGC & internal audits
Design, test and continuously improve IT General Controls: access management, change management, IT operations, and SDLC.
Plan and execute internal audits; track findings to closure with engineering and IT.
Build and maintain the enterprise risk register; run RCSA, define KRIs, and drive risk treatment plans and residual-risk acceptance with leadership.
Third-Party Risk Management (TPRM)
Run the full vendor lifecycle: intake → tiering → security due diligence (SIG / CAIQ / SOC 2 / ISO reviews) → contractual controls → continuous monitoring → offboarding.
Partner with Legal and Procurement to embed security clauses in MSAs, DPAs, and sub-processor agreements.
Conduct on-site / virtual vendor audits for tier-1 vendors and report to the security council.
Privacy & data protection
Operationalise the DPDP Act 2023 + DPDP Rules 2025 across the business: DPIAs, consent and notice flows, data-principal rights, 72-hour breach notification, and Records of Processing Activity.
Prepare Meesho for likely Significant Data Fiduciary (SDF) obligations: independent data-auditor coordination, DPO interfacing, algorithmic transparency, and children's-data safeguards.
Track IT Act, CERT-In directions, and sector-specific guidelines as relevant.
Business continuity
Maintain BCP and DR aligned to ISO 22301 - BIAs, RTO/RPO definitions, and annual DR / failover testing.
Awareness & culture
Run organisation-wide security and privacy awareness: onboarding, refreshers, phishing simulations, and role-based modules.
Partner & customer trust
Respond to seller, partner and enterprise security questionnaires; maintain the Trust Center and security collateral.
4-6 years in security compliance, IT audit, or GRC at a product company (SaaS, fintech, e-commerce, payments, consumer internet).
Hands-on experience driving ISO 27001:2022 end-to-end: gap → implementation → certification → surveillance.
Hands-on experience driving SOC 2 Type II end-to-end, including auditor management.
Strong ITGC experience: access, change, ops, and SDLC control design and testing.
Strong TPRM experience across the full vendor lifecycle.
Working knowledge of cloud (AWS and/or GCP) - shared-responsibility model, CIS benchmarks, native services for evidence (AWS Config, GCP SCC, CloudTrail, IAM Analyzer).
Demonstrated stakeholder management with Engineering, IT, Legal, Product, and external auditors.
Excellent written communication - you'll author policies, audit responses, and risk reports read by senior leadership.
Nice to have
DPDP Act 2023 / DPDP Rules 2025 implementation experience; familiarity with GDPR or ISO 27701.
Hands-on with a GRC platform: Sprinto, Vanta, Drata, OneTrust, AuditBoard, MetricStream, ServiceNow GRC, or Archer.
ISO 22301 BCMS experience.
Exposure to RBI / SEBI / IRDAI sectoral compliance.
PCI DSS v4.0.1 experience.
Certifications
ISO 27001:2022 Lead Auditor / Lead Implementer
CISA
CIPP/E or DCPP (privacy)
Welcome to Meesho, where every story begins with a spark of inspiration and a dash of entrepreneurial spirit. We're not just a platform; we're your partner in turning dreams into realities.
Curious about life at Meesho? Explore our Glassdoor. Our people have a lot to say, and they've helped us become a loved workplace in India.
Democratising internet commerce for everyone - Meesho (Meri Shop) started with a single idea in mind: to be an e-commerce destination for Indian consumers and to enable small businesses to succeed online.
We provide our sellers with benefits such as zero commission and affordable shipping solutions in the market. Today, sellers nationwide are growing their businesses by tapping into Meesho's large and diverse customer base, state-of-the-art tech infrastructure, and pan-India logistics network through trusted third-party partners.
Affordable, relatable merchandise that mirrors local markets has helped us connect with internet users and serve customers across urban, semi-urban, and rural India. Our unique business model and continuous innovation have established us as a part of India's e-commerce ecosystem.
Our focus is on cultivating a dynamic workplace characterized by high impact and performance excellence. We prioritize a people-centric culture, dedicated to hiring and developing exceptional talent.
Total rewards at Meesho comprise a comprehensive set of elements - monetary, non-monetary, tangible, and intangible. Our 9 guiding principles, or Mantras, are the backbone of how we operate, influencing everything from recognition and evaluation to growth discussions. Daily rituals and processes like Problem First Mindset, Listen or Die, our Internal Mobility Program, Talent Reviews, and Continuous Performance Management embody these principles.
We offer competitive compensation - both cash and equity-based - tailored to job roles, individual experience, and skill, along with employee-centric benefits and a supportive work environment. Our holistic wellness program, MeeCare, includes benefits across physical, mental, financial, and social wellness. This includes extensive medical insurance for employees and their families, wellness initiatives like telehealth, wellness events, and fitness-related perks.
To support work-life balance, we offer generous leave policies, parental support, retirement benefits, and learning and development assistance. Through personalized recognition, gratitude for stretched work, and engaging activities, we promote employee delight at the workplace. Additional benefits such as salary advance support, relocation assistance, and flexible benefit plans further enrich the Meesho experience.
At Meesho, we are committed to creating an inclusive and accessible workplace where every individual can thrive. In compliance with the Rights of Persons with Disabilities Act, 2016, we uphold the following principles:
Equal Opportunity: We ensure that employment opportunities are never denied on the grounds of disability if the candidate is otherwise competent to perform the job.
Accessible Workplace: Our facilities are designed to be fully accessible, with amenities and assistive devices provided to support differently abled individuals in their work.
Inclusive Hiring Process: We adopt a transparent and non-discriminatory selection process, including providing application forms in alternate formats and offering reasonable accommodations during interviews upon request.
Career Growth: We provide adequate training post-recruitment and pre-promotion, with training materials available in accessible formats to enable equal career progression.
Support & Confidentiality: A dedicated liaison officer/committee addresses concerns and grievances, while maintaining strict confidentiality of disability-related information.
Awareness & Inclusion: We conduct awareness programs to promote a culture of inclusivity across the organization.
Meesho welcomes applicants and employees of all abilities and is dedicated to fostering an environment where differently abled persons can achieve their full potential.
Meesho is India's fastest growing internet commerce company. We want to make eCommerce accessible to all. Our vision is to enable 100 million small businesses in India, including individual entrepreneurs, to succeed online. Our mission is to democratise internet commerce by bringing a range of products & new customers online. What started, six years ago, as a reseller-focused platform enabling millions to sell online has now emerged as a single ecosystem connecting sellers to consumers and entrepreneurs.
Job ID: 148306555
Skills:
IT risk management, Security Controls, CISM, GDPR, Vulnerability Management, AWS, Information Security, GRC, VAPT, Security reviews, GRC security and compliance automation tools, ISO, Cloud security fundamentals, SOC 2, Cybersecurity regulatory audits, Project management, CISA, Audit concepts, ISO 27001 LA, NIST, IAM access controls