HumanBit Logo

Privacy & Security Lead | Scrabble

Posted on February 12, 2026

Job Description

<div>PRIVACY &amp; SECURITY LEAD, EDENRED INDIA<br /> About Edenred<br /> Edenred is a leading digital platform for services and payments and the everyday companion<br /> for people at work, connecting more than 60 million users and more than 2 million partner<br /> merchants in 45 countries via 1 million corporate clients.<br /> Edenred offers specific-purpose payment solutions for food (such as meal benefits),<br /> engagement (such as gift cards and engagement platforms), mobility (such as multi-energy<br /> solutions, including EV charging, maintenance, toll and parking) and corporate payments (such<br /> as virtual cards).<br /> Our 12,000 employees are committed to making the world of work a better place for all, one<br /> that is safer, more efficient and more user-friendly. At Edenred, our passion for customers,<br /> respect, imagination, simplicity and entrepreneurial spirit are our values. In 2024, the Group<br /> managed &euro;45 billion in business volume, primarily carried out via mobile applications, online<br /> platforms and cards.<br /> Edenred India is an established player in providing platform and non-platform solutions in the<br /> space of Loyalty, Rewards and Employee Engagement. Our platform solutions are used by<br /> clients to manage their channel, customer &amp; employee reward programs, helping our customers<br /> improve sales, product usage and improve Employee retention.<br /> THE ROLE<br /> Own the governance, risk, and compliance (GRC) program for Edenred India BU and strengthen<br /> our security posture in alignment with global standards. 
You will define policies and controls, drive<br /> audits and remediation, oversee data protection (DPDP), and coordinate security operations<br /> (with global SOC/SIEM) to ensure secure-by-design delivery across products, cloud, and enterprise<br /> systems.<br /> KEY RESPONSIBILITIES<br /> &bull; Governance and policies<br /> &bull; Develop, maintain, and socialize security and compliance policies, standards,<br /> and SOPs aligned to ISO 27001, NIST/CIS, GDPR, and India DPDP Act.<br /> &bull; Establish control frameworks and evidence requirements; manage RACI and<br /> sign-off gates across Product, Tech, Ops, and Finance.</div> <div>&bull; Risk management and audit<br /> &bull; Own the risk register (identify, assess, treat, track) and drive closure of audit<br /> findings (A1/A2); prepare for and coordinate internal/external audits.<br /> &bull; Lead compliance assessments for new initiatives (ERP, integrations, data<br /> platforms) and provide clear guidance and remediation plans.</div> <div>&bull; Data protection and privacy<br /> &bull; Implement DPDP controls: data classification, consent, retention, data subject<br /> rights, breach response; ensure lawful processing and cross-border transfer<br /> controls with Legal.<br /> &bull; Security operations coordination<br /> &bull; Partner with global SOC to operationalize SIEM, alert triage, incident response,<br /> and post-mortems; maintain playbooks and escalation paths.<br /> &bull; Oversee vulnerability management (VAPT), patching SLAs, and secure<br /> configuration baselines across endpoints, servers, cloud, and applications.</div> <div>&bull; Identity, access, and SoD<br /> &bull; Define and enforce IAM/RBAC, privileged access (PIM), and Segregation of<br /> Duties for ERP and critical systems; run periodic access reviews.</div> <div>&bull; Secure SDLC and third-party risk<br /> &bull; Embed security in development: code reviews, OWASP Top 10, SAST/DAST,<br /> dependency checks (e.g., SonarQube), 
and release gates in CI/CD.<br /> &bull; Run vendor/security due diligence (contracts, DPA, NDA, security questionnaires),<br /> and monitor third-party risks.<br /> &bull; Business continuity and resilience<br /> &bull; Coordinate BCP/DR design and tests with IT Resilience; validate RPO/RTO and<br /> ensure recovery runbooks are current.</div> <div>&bull; Training and awareness<br /> &bull; Plan and deliver mandatory security and compliance trainings; track completion<br /> and effectiveness.</div> <div>QUALIFICATIONS<br /> &bull; 6&ndash;10 years in information security/compliance roles within enterprise or SaaS<br /> environments, including hands-on GRC ownership.<br /> &bull; Strong knowledge of ISO 27001/27002, NIST/CIS controls, OWASP Top 10, and India DPDP<br /> Act; familiarity with GDPR principles.<br /> &bull; Proven experience leading audits, managing risk registers, and closing findings with<br /> measurable outcomes.<br /> &bull; Experience coordinating SIEM operations (Splunk or equivalent), incident management,<br /> and vulnerability management/VAPT.<br /> &bull; Strong documentation and communication skills; able to translate controls into clear,<br /> actionable requirements for cross-functional teams.<br /> &bull; Stakeholder management with global security/compliance teams and local business<br /> leaders; comfortable influencing without formal authority.</div> <div>PREFERRED SKILLS<br /> &bull; ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent certifications.<br /> &bull; Experience with ERP security and SoD (e.g., NetSuite/Oracle), and compliance in<br /> regulated environments (financial/benefits).<br /> &bull; Hands-on with GRC tooling, DLP, EDR/XDR, and ticketing/workflow (Jira/ServiceNow).<br /> &bull; Knowledge of CERT-In guidelines and incident reporting requirements.</div> <div>First 6 Months Challenges:<br /> &bull; Publish India BU security and compliance charter, policy set, and control matrix aligned<br /> with global 
standards.<br /> &bull; Establish risk register and audit remediation plan; close or re-baseline top A1/A2 actions<br /> with clear owners and dates.<br /> &bull; Define ERP/critical systems SoD and access review cadence; implement an incident<br /> response playbook with global SOC.<br /> &bull; Launch mandatory training cycle and achieve &ge;95% completion; set monthly reporting for<br /> KPIs (incidents, findings, training, access reviews).<br /> &bull; Zero critical audit findings; closure of high-severity actions within agreed SLAs.<br /> &bull; Incident MTTR targets met; vulnerability remediation within policy timelines.<br /> &bull; Compliance coverage: access reviews on schedule; training completion &ge;95%.<br /> &bull; Documented and tested BCP/DR for critical systems.</div> <div>Other Details<br /> Location: Thane, Mumbai. We follow a hybrid schedule, where employees are expected to be in<br /> the office three days a week.<br /> Start Date: March 2026<br /> Position: On Roll</div>