
Own the governance, risk, and compliance (GRC) program for Edenred India BU and strengthen
our security posture in alignment with global standards. You will define policies and controls, drive
audits and remediation, oversee data protection (DPDP), and coordinate security operations
(with global SOC/SIEM) to ensure secure-by-design delivery across products, cloud, and enterprise
systems.
Responsibilities
Governance and policies
Develop, maintain, and socialize security and compliance policies, standards,
and SOPs aligned to ISO 27001, NIST/CIS, GDPR, and India DPDP Act.
Establish control frameworks and evidence requirements; manage RACI and
sign-off gates across Product, Tech, Ops, and Finance.
Risk management and audit
Own the risk register (identify, assess, treat, track) and drive closure of audit
findings (A1/A2); prepare for and coordinate internal/external audits.
Lead compliance assessments for new initiatives (ERP, integrations, data
platforms) and provide clear guidance and remediation plans.
Data protection and privacy
Implement DPDP controls: data classification, consent, retention, data subject
rights, breach response; ensure lawful processing and cross-border transfer
controls with Legal.
Security operations coordination
Partner with global SOC to operationalize SIEM, alert triage, incident response,
and post-mortems; maintain playbooks and escalation paths.
Oversee vulnerability management (VAPT), patching SLAs, and secure
configuration baselines across endpoints, servers, cloud, and applications.
Identity, access, and SoD
Define and enforce IAM/RBAC, privileged access (PIM), and Segregation of
Duties for ERP and critical systems; run periodic access reviews.
Secure SDLC and third-party risk
Embed security in development: code reviews, OWASP Top 10, SAST/DAST,
dependency checks (e.g., SonarQube), and release gates in CI/CD.
Run vendor/security due diligence (contracts, DPA, NDA, security questionnaires),
and monitor third-party risks.
Business continuity and resilience
Coordinate BCP/DR design and tests with IT Resilience; validate RPO/RTO and
ensure recovery runbooks are current.
Training and awareness
Plan and deliver mandatory security and compliance trainings; track completion
and effectiveness.
Qualifications
6-10 years in compliance and Information Security roles within enterprise or SaaS
environments, including hands-on GRC ownership.
Strong knowledge of ISO 27001/27002, NIST/CIS controls, OWASP Top 10, and India DPDP
Act; familiarity with GDPR principles.
Proven experience leading audits, managing risk registers, and closing findings with
measurable outcomes.
Experience coordinating SIEM operations (Splunk or equivalent), incident management,
and vulnerability management/VAPT.
Strong documentation and communication skills; able to translate controls into clear,
actionable requirements for cross-functional teams.
Stakeholder management with global security/compliance teams and local business
leaders; comfortable influencing without formal authority.
Preferred Skills
ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent certifications.
Experience with ERP security and SoD (e.g., NetSuite/Oracle), and compliance in
regulated environments (financial/benefits).
Hands-on with GRC tooling, DLP, EDR/XDR, and ticketing/workflow (Jira/ServiceNow).
Knowledge of CERT-In guidelines and incident reporting requirements.
Job ID: 144913859