Bestkaam Logo
Back to Jobs
Razorpay

Data Privacy Manager

Actively Reviewing

Razorpay

Bengaluru Full-Time 4–8 yrs exp Posted 1 month ago  · Apply by Jul 18, 2026

Key Responsibilities:


A. Privacy Programme Management & Regulatory Operations

  • Own the operationalisation of DPDP Act 2023 and GDPR requirements across Razorpay products, systems, and vendor stack — in coordination with the Head
  • Manage and continuously improve the Record of Processing Activities (RoPA), consent framework, data subject rights workflows, and data classification register
  • Lead execution of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) — with increasing automation over time
  • Oversee cross-border data transfer compliance: SCCs, adequacy decisions, and DPDP cross-border transfer rules
  • Coordinate with the Head for regulatory audits (RBI/SEBI), data privacy reviews, and incident reporting timelines
  • Enforce consent, purpose limitation, data minimisation, and retention policies in live production systems


B. Technical Privacy Posture & Assessment Delivery

  • Lead and conduct infrastructure privacy reviews of cloud environments (AWS/GCP/Azure) — access controls, encryption, data residency, audit logging
  • Drive vendor and SaaS tool assessments beyond standard questionnaires — review actual data flows, API integrations, and technical configurations
  • Own the technical quality of privacy assessments produced by the team — review, calibrate, and ensure regulatory alignment
  • Monitor control effectiveness across production systems; identify gaps and partner with engineering to define remediation
  • Build and maintain the team's assessment methodology, templates, and scoring frameworks


C. AI Systems Privacy & Governance (LLM-Focused)

  • Own Razorpay's AI tool onboarding and privacy review process — from intake to sign-off
  • Lead privacy assessments of LLM-powered tools, internal AI agents, and third-party AI integrations, with focus on data input, storage, retention, and cross-border sharing
  • Build and maintain the AI privacy onboarding framework: checklists, risk registers, approval workflows, and exception management
  • Define and document AI-specific privacy risks: prompt data leakage, model memory, third-party AI provider data usage, and agentic system data access
  • Embed Privacy-by-Design into AI product lifecycles — engaging product and engineering teams from ideation through to inference
  • Track third-party AI provider privacy policies (OpenAI, Anthropic, Google, etc.) and maintain a current compliance alignment register


D. Compliance Automation & AI-Powered Privacy Operations

  • Design, build, and maintain AI-assisted compliance workflows — DPIA generation, evidence collection, control testing, and risk flagging
  • Create and maintain compliance dashboards that give engineering, product, and leadership real-time visibility into privacy posture
  • Develop standardised playbooks, checklists, and templates that enable product teams to self-serve privacy reviews with confidence
  • Evaluate and validate the accuracy and regulatory alignment of AI-generated compliance outputs before they are accepted as formal evidence
  • Continuously improve the team's tooling stack — GRC platforms, privacy management tools, AI assistants — for maximum operational leverage


E. Team Leadership & Stakeholder Management

  • Directly manage, mentor, and develop the Lead Compliance Engineer — Privacy; set clear goals, unblock work, and drive their professional growth
  • Act as the primary point of contact for engineering, product, legal, and business teams on day-to-day privacy matters
  • Translate privacy requirements and risk findings into actionable, prioritised guidance for technical and non-technical stakeholders
  • Support the Head with board-level and leadership reporting — prepare data, evidence packages, and risk summaries
  • Maintain the privacy incident register, manage incident response timelines, and ensure regulatory reporting deadlines are met
  • Drive a culture of privacy-as-enabler within the organisation — position compliance as a feature, not a gate


Skills Required :

  • 6–8 total years in privacy, compliance, or security — with at least 2 years in a hands-on technical capacity
  • Has operationalised both frameworks in production — not just mapped policies. Can identify gaps without being prompted.
  • Can assess LLM data handling, prompt pipelines, model memory, RAG architectures, and third-party AI provider risks.
  • Can assess cloud infra, APIs, and SaaS integrations for privacy risk — going beyond questionnaires to actual technical evidence.
  • Has designed or significantly improved automated compliance workflows using AI tools, scripting, or GRC platforms.
  • Has managed IC-level compliance or security professionals; can communicate privacy risk clearly to both engineers and executives.
  • Working knowledge of FinTech-specific data obligations applicable to a payment aggregator context
  • Understands data flow design, pseudonymisation, tokenization, encryption-at-rest and in transit, and SDLC privacy gates.
  • Can read AWS/GCP/Azure architecture diagrams to identify data egress risks, misconfigured IAM, and storage issues.
  • Developing familiarity with AI fairness, explainability, consent, and auditability frameworks for regulated contexts