Privacy & Security Lead | Scrabble

Posted on February 12, 2026

Job Description

PRIVACY & SECURITY LEAD, EDENRED INDIA
About Edenred
Edenred is a leading digital platform for services and payments and the everyday companion
for people at work, connecting more than 60 million users and more than 2 million partner
merchants in 45 countries via 1 million corporate clients.
Edenred offers specific-purpose payment solutions for food (such as meal benefits),
engagement (such as gift cards and engagement platforms), mobility (such as multi-energy
solutions, including EV charging, maintenance, toll and parking) and corporate payments (such
as virtual cards).
Our 12,000 employees are committed to making the world of work a better place for all, one
that is safer, more efficient and more user-friendly. At Edenred, our passion for customers,
respect, imagination, simplicity and entrepreneurial spirit are our values. In 2024, the Group
managed €45 billion in business volume, primarily carried out via mobile applications, online
platforms and cards.
Edenred India is an established player in providing platform and non-platform solutions in the
space of Loyalty, Rewards and Employee Engagement. Our platform solutions are used by
clients to manage their channel, customer & employee reward programs, helping our customers
improve sales, product usage and employee retention.
THE ROLE
Own the governance, risk, and compliance (GRC) program for Edenred India BU and strengthen
our security posture in alignment with global standards. You will define policies and controls, drive
audits and remediation, oversee data protection (DPDP), and coordinate security operations
(with global SOC/SIEM) to ensure secure-by-design delivery across products, cloud, and enterprise
systems.
KEY RESPONSIBILITIES
• Governance and policies
  ◦ Develop, maintain, and socialize security and compliance policies, standards,
    and SOPs aligned to ISO 27001, NIST/CIS, GDPR, and India DPDP Act.
  ◦ Establish control frameworks and evidence requirements; manage RACI and
    sign-off gates across Product, Tech, Ops, and Finance.
• Risk management and audit
  ◦ Own the risk register (identify, assess, treat, track) and drive closure of audit
    findings (A1/A2); prepare for and coordinate internal/external audits.
  ◦ Lead compliance assessments for new initiatives (ERP, integrations, data
    platforms) and provide clear guidance and remediation plans.
• Data protection and privacy
  ◦ Implement DPDP controls: data classification, consent, retention, data subject
    rights, breach response; ensure lawful processing and cross-border transfer
    controls with Legal.
• Security operations coordination
  ◦ Partner with global SOC to operationalize SIEM, alert triage, incident response,
    and post-mortems; maintain playbooks and escalation paths.
  ◦ Oversee vulnerability management (VAPT), patching SLAs, and secure
    configuration baselines across endpoints, servers, cloud, and applications.
• Identity, access, and SoD
  ◦ Define and enforce IAM/RBAC, privileged access (PIM), and Segregation of
    Duties for ERP and critical systems; run periodic access reviews.
• Secure SDLC and third-party risk
  ◦ Embed security in development: code reviews, OWASP Top 10, SAST/DAST,
    dependency checks (e.g., SonarQube), and release gates in CI/CD.
  ◦ Run vendor/security due diligence (contracts, DPA, NDA, security questionnaires),
    and monitor third-party risks.
• Business continuity and resilience
  ◦ Coordinate BCP/DR design and tests with IT Resilience; validate RPO/RTO and
    ensure recovery runbooks are current.
• Training and awareness
  ◦ Plan and deliver mandatory security and compliance trainings; track completion
    and effectiveness.
QUALIFICATIONS
• 6–10 years in information security/compliance roles within enterprise or SaaS
environments, including hands-on GRC ownership.
• Strong knowledge of ISO 27001/27002, NIST/CIS controls, OWASP Top 10, and India DPDP
Act; familiarity with GDPR principles.
• Proven experience leading audits, managing risk registers, and closing findings with
measurable outcomes.
• Experience coordinating SIEM operations (Splunk or equivalent), incident management,
and vulnerability management/VAPT.
• Strong documentation and communication skills; able to translate controls into clear,
actionable requirements for cross-functional teams.
• Stakeholder management with global security/compliance teams and local business
leaders; comfortable influencing without formal authority.
PREFERRED SKILLS
• ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent certifications.
• Experience with ERP security and SoD (e.g., NetSuite/Oracle), and compliance in
regulated environments (financial/benefits).
• Hands-on with GRC tooling, DLP, EDR/XDR, and ticketing/workflow (Jira/ServiceNow).
• Knowledge of CERT-In guidelines and incident reporting requirements.
First 6 Months Challenges:
• Publish India BU security and compliance charter, policy set, and control matrix aligned
with global standards.
• Establish risk register and audit remediation plan; close or re-baseline top A1/A2 actions
with clear owners and dates.
• Define ERP/critical systems SoD and access review cadence; implement an incident
response playbook with global SOC.
• Launch mandatory training cycle and achieve ≥95% completion; set monthly reporting for
KPIs (incidents, findings, training, access reviews).
• Zero critical audit findings; closure of high severity actions within agreed SLAs.
• Incident MTTR targets met; vulnerability remediation within policy timelines.
• Compliance coverage: access reviews on schedule; training completion ≥95%.
• Documented and tested BCP/DR for critical systems.
Other Details
Location: Thane, Mumbai. We follow a hybrid schedule, where employees are expected to be in
the office three days a week.
Start Date: March 2026
Position: On Roll