Risk & Compliance PnE CC – Infosec Tech
At Zeta, we are accelerating the world towards invisible payments. We rethink payments, from the core to the edge, the algorithms to form factors, the applications to solutions, for banks, corporates, merchants, and users.
This role is part of the Risk and Compliance team, a division of Zeta. The Privacy and Compliance Leader is responsible for ensuring that all enterprise and cloud infrastructure and services comply with the privacy regulations applicable in each geography.
What is the job like?
- Strategize and provide vision, governance, and roadmap for privacy.
- Build and design privacy programs, including processes, policies, and guidelines, as per various privacy regulations like GDPR (EU & UK), CCPA, IDPR, LGPD, and PDPB.
- Perform auditing and compliance activities to ensure privacy framework effectiveness and provide recommendations for improvement.
- Conduct Privacy Assessments/Privacy Impact Assessments and suggest suitable corrections.
- Define various processes and implement controls applicable to privacy and data protection requirements for various country-specific privacy laws and standards, including but not limited to GDPR, LGPD, CCPA, PDPB, ISO 27701, and SOC 2 Type 2 (SSAE 18).
- Provide necessary training and charter to all the Zeta teams, stakeholder management, legal and marketing, and Business.
- Close coordination for Business Support, agreements, and contracts.
- Responsible for third-party risk assessments with respect to privacy.
- Privacy GRC Implementation and automation.
- Drive the organization towards ISO 27701 certification, and ensure compliance and improvements for the SOC 2 Type 2 Privacy trust principle (SSAE 18).
- Ensure all services and operations are privacy compliant from both processor and controller perspectives.
- Review relevant data privacy laws, provide inputs on product implementation as the privacy Subject Matter Expert, and address various data privacy issues on a continuous basis.
- Review and implementation of Privacy guidelines from RBI and NPCI.
- Monitor and measure privacy program implementation through internal audits, management reviews, and metrics.
- Act as DPO, handling privacy incident management, breach management, and data subject rights (DSR) management.
- Liaising with customers, external entities, and regulators for privacy and data protection-related issues.
- Management reporting, escalation management, and timely intervention to avoid privacy incidents or breaches.
- Represent Zeta at privacy forums.
- Contribute to maintaining security and compliance standards such as ISO 27001, PCI DSS, SSAE 18, GDPR, UIDAI, etc.
- Soft Skills: People Management, developing the team, and budgeting.
Who should apply?
- Thorough understanding of various Data privacy regulations and privacy concepts.
- Experience in General Data Protection Regulation (GDPR) implementation.
- Experience in performing PIA, DPIA, data mapping, etc.
- Privacy certifications like CIPP, CIPT, DCPP, and DCPLA are preferred.
- Experience in Privacy Assessment & Vendor Risk Assessment and responding to client Request for Proposal (RFP).
- 15 years of overall experience in Security and Privacy implementation in the BFSI/Fin-tech/Payments domain, especially the last 5 years as a Privacy Officer/Privacy Manager or as a DPO.
- A good understanding of ISO 27001/2, ISO 27018, NIST CSF, etc. is desirable.
- Bachelor of Technology (BE/B.Tech), M.Tech or ME in Computer Science, MCA or equivalent is preferred.
- Excellent written and oral communication and a penchant for technical documentation.
Good to have skills
- Good Understanding of Risk Assessment Frameworks
- Experience in Enterprise Risk Assessment and Application risk Assessment
- Experience with Audits and Standards (PCI DSS, PCI PA-DSS/SSF, SSAE 18, ISO 27001, GDPR, ISO 31000, NIST Risk framework) is desirable.
Co-founded by Bhavin Turakhia (CEO) and Ramki Gaddipati (CTO), Zeta® is on a mission to make digital payments easy, inclusive, and valuable for corporations, employees, and merchants globally. Our products revolve around the key idea that spending and receiving money should be easy, fast, and trouble-free.
Our business comprises:
1) Zeta® Banking - We are in the business of providing a full-stack, cloud-native, API-first neo-banking platform including a digital core and a payment engine for the issuance of credit, debit, and prepaid products that enable legacy banks and new-age fintech to launch modern retail and corporate fintech products.
2) Zeta Benefits - We started our business as an employee benefits provider in India, with technology at the core of the offering. The Zeta BRS business today exists as a merged entity, with Sodexo, in India. On the global level, we are working with various Sodexo geographies as their technology partner, providing a customizable suite of frontend and backend solutions for the BRS industry. We currently engage with Sodexo in Brazil, Vietnam, and the Philippines, and are continuously expanding to more countries.
3) Enterprise Payments - Our enterprise payments solution helps financial institutions simplify payment flows using full-stack, cloud-native, API-first technology. From reward and recognition programs to gifting to expense management, we aim to make all enterprise payments hassle-free while delivering a tangible business impact to the end-user.
Zeta currently provides its platform and products to BFSI issuers in India, Asia, and LATAM. The product offerings are used by banks like RBL Bank, IDFC First Bank, and Kotak Mahindra Bank, 14000 corporates, and over 2 million users. Zeta is a SOC 2, ISO 27001, ISO 9008, PCI DSS certified company. The company has over 500 employees and clocks over 1 million transactions per day.
Zeta® was awarded the best B2B platform and the best Payment App at the Payments and Cards Summit 2018. The company was also recognized as one of India’s most innovative product companies at NASSCOM Emerge 50 awards 2017 and was named the Fintech Rising Star for 2017 by the India FinTech forum.