Fampay · 7d ago

Head of Compliance - Infosec & Product Regulations

Bengaluru | Full Time | Executive
Legal & Compliance | Compliance

Technical Tools
aws, cybersecurity, fintech, i18n

About Fam (previously FamPay)

Fam is India’s first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation, and drive 250 million+ young users in India to kickstart their financial journey super early in their life.

We’re reimagining how the next generation experiences fintech—going beyond payments to build a lifestyle brand that blends money, identity, and everyday experiences into one seamless, intuitive journey.

Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world like Elevation Capital, Y-Combinator, Peak XV (Sequoia Capital) India, Venture Highway, Global Founder’s Capital and the likes of Kunal Shah, Amrish Rao as angel investors.


About the Role

We're looking for a Lead Compliance to build and own Fam's tech, product, and infosec compliance function from the ground up. This is a 0→1 role — you'll define the framework, manage regulatory obligations end-to-end, and make sure compliance is a competitive advantage, not a bottleneck. This role sits at the intersection of product, engineering, and regulation, and demands someone who can translate a dense RBI circular into a product decision. You'll be working directly with leadership to make Fam the most trusted fintech platform for India's next generation.

  • Own RBI Tech Compliance End-to-End: Be the single owner for all RBI-mandated tech and product compliance obligations — IS Audit coordination, CERT-In incident reporting, circular tracking, and regulatory correspondence on tech matters
  • Product Compliance Partnership: Work closely with Product and Engineering during the design and launch of new features to flag regulatory risks early — data collection practices, consent flows, KYC/AML product requirements, and minor-specific compliance needs (FamPay's core user base)
  • Infosec Governance: Define and maintain the information security policy framework, conduct or commission periodic risk assessments, manage vulnerability disclosure processes, and ensure security controls meet regulatory and internal standards — coordinate with the engineering team rather than operate as a practitioner
  • Audit Readiness & Management: Prepare the organization for internal and external audits (IS Audit, RBI reviews, PCI-DSS assessments) — run pre-audit readiness checks, manage auditor interactions, and drive closure of observations
  • Incident & Breach Response (Compliance Lens): Lead the compliance response to security incidents — CERT-In breach notifications, RBI reporting timelines, internal escalation protocols, and post-incident documentation
  • Third-Party & Vendor Compliance: Build and run a vendor risk assessment process; ensure tech partners, cloud providers, and data processors meet FamPay's compliance and regulatory requirements
  • Regulatory Tracking & Advisory: Monitor RBI, NPCI, MeitY, and DPDPA-related regulatory developments; translate new circulars/guidelines into actionable requirements for Product, Engineering, and the broader team with minimal lag
  • Security Awareness & Compliance Culture: Drive a compliance-aware culture — conduct periodic training for internal teams, manage compliance acknowledgements, and ensure teams understand obligations without it being a blocker to velocity
  • 7–10 years of overall experience in tech/IT compliance, regulatory compliance, or information security — with at least 4–5 years specifically in a fintech, payments company, or banking/NBFC environment
  • Hands-on familiarity with RBI's tech and product regulations — including Master Directions on PPIs, UPI operational guidelines, CERT-In compliance requirements, and the RBI IS Audit framework
  • Experience managing or preparing for regulatory audits (IS Audits, CERT-In audits, RBI thematic reviews) end-to-end — from gap assessments to closure of findings
  • Working knowledge of India's data protection landscape — DPDP Act 2023, data localization requirements, and consent framework design for digital products
  • Familiarity with PCI-DSS standards, especially as they apply to payment product infrastructure
  • Strong grasp of cloud security concepts (particularly AWS) sufficient to evaluate architecture decisions, review security controls, and engage meaningfully with engineering teams — does not need to be a hands-on practitioner
  • Bachelor's degree in Computer Science, Information Security, Law (Tech), or a related field
  • Experience drafting, implementing, and maintaining security & compliance policies, SOPs, and internal control frameworks
  • Prior exposure to product compliance — app store policies (Google/Apple), age-gating/minor-specific consent flows, consumer protection guidelines (RBI's Customer Protection Circular)
  • Experience working with third-party risk management — onboarding due diligence, vendor security assessments, and contractual compliance requirements for technology partners
  • Relevant certifications: CISA, CISSP, ISO 27001 Lead Auditor/Implementer, or AWS Security – Specialty — these are strongly preferred signals
  • Familiarity with SEBI or IRDAI tech regulations (useful if FamPay expands into investment or insurance products)
  • Prior work at an early-to-mid stage fintech where compliance infrastructure had to be built, not just inherited — people who've written the first policy doc from scratch tend to thrive here
    • Work in a lean, high-ownership team where your work is visible and impactful
    • Take end-to-end ownership of compliance and infosec 
    • Shape the trust, security & compliance function at one of India's most recognised fintech brands
    • Grow as a leader in tech & product compliance at the intersection of fintech, regulation, and product building

Location & Eligibility

Where is the job: Bengaluru (on-site at the office)
Who can apply: Same as job location

Listing Details

Posted: April 28, 2026
First seen: April 28, 2026
Last seen: May 5, 2026

Posting Health

Days active: 7
Repost count: 0
Trust Level: 37%
Scored at: May 5, 2026
