Head of Compliance - Infosec & Product Regulations at fampay

About Fam (previously FamPay) Fam is India’s first payments app for everyone above 11. FamApp helps make online and offline payments through UPI and FamCard. We are on a mission to raise a new, financially aware generation, and drive 250 million+ young users in India to kickstart their financial journey super early in their life. We’re reimagining how the next generation experiences fintech—going beyond payments to build a lifestyle brand that blends money, identity, and everyday experiences into one seamless, intuitive journey. Founded in 2019 by IIT Roorkee alumni, Fam is backed by some of the most respected investors around the world like Elevation Capital, Y-Combinator, Peak XV (Sequoia Capital) India, Venture Highway, Global Founder’s Capital and the likes of Kunal Shah, Amrish Rao as angel investors. About this Role: We're looking for a Lead Compliance to build and own Fam's tech, product, and infosec compliance function from the ground up. This is a 0→1 role — you'll define the framework, manage regulatory obligations end-to-end, and make sure compliance is a competitive advantage, not a bottleneck. This role sits at the intersection of product, engineering, and regulation, and demands someone who can translate a dense RBI circular into a product decision. You'll be working directly with leadership to make Fam the most trusted fintech platform for India's next generation. On the Job • Own RBI Tech Compliance End-to-End: Be the single owner for all RBI-mandated tech and product compliance obligations — IS Audit coordination, CERT-In incident reporting, circular tracking, and regulatory correspondence on tech matters • Product Compliance Partnership: Work closely with Product and Engineering during the design and launch of new features to flag regulatory risks early — data collection practices, consent flows, KYC/AML product requirements, and minor-specific compliance needs (FamPay's core user base) • Infosec Governance: Define and maintain the information security policy framework, conduct or commission periodic risk assessments, manage vulnerability disclosure processes, and ensure security controls meet regulatory and internal standards — coordinate with the engineering team rather than operate as a practitioner • Audit Readiness & Management: Prepare the organization for internal and external audits (IS Audit, RBI reviews, PCI-DSS assessments) — run pre-audit readiness checks, manage auditor interactions, and drive closure of observations • Incident & Breach Response (Compliance Lens): Lead the compliance response to security incidents — CERT-In breach notifications, RBI reporting timelines, internal escalation protocols, and post-incident documentation • Third-Party & Vendor Compliance: Build and run a vendor risk assessment process; ensure tech partners, cloud providers, and data processors meet FamPay's compliance and regulatory requirements • Regulatory Tracking & Advisory: Monitor RBI, NPCI, MeitY, and DPDPA-related regulatory developments; translate new circulars/guidelines into actionable requirements for Product, Engineering, and the broader team with minimal lag • Security Awareness & Compliance Culture: Drive a compliance-aware culture — conduct periodic training for internal teams, manage compliance acknowledgements, and ensure teams understand obligations without it being a blocker to velocity Must-haves (Min. qualifications) • 7–10 years of overall experience in tech/IT compliance, regulatory compliance, or information security — with at least 4–5 years specifically in a fintech, payments company, or banking/NBFC environment • Hands-on familiarity with RBI's tech and product regulations — including Master Directions on PPIs, UPI operational guidelines, CERT-In compliance requirements, and the RBI IS Audit framework • Experience managing or preparing for regulatory audits (IS Audits, CERT-In audits, RBI thematic reviews) end-to-end — from gap assessments to closure of findings • Working knowledge of India's data protection landscape — DPDP Act 2023, data localization requirements, and consent framework design for digital products • Familiarity with PCI-DSS standards, especially as they apply to payment product infrastructure • Strong grasp of cloud security concepts (particularly AWS) sufficient to evaluate architecture decisions, review security controls, and engage meaningfully with engineering teams — does not need to be a hands-on practitioner • Bachelor's degree in Computer Science, Information Security, Law (Tech), or a related field • Experience drafting, implementing, and maintaining security & compliance policies, SOPs, and internal control frameworks Good to have • Prior exposure to product compliance — app store policies (Google/Apple), age-gating/minor-specific consent flows, consumer protection guidelines (RBI's Customer Protection Circular) • Experience working with third-party risk management — onboarding due diligence, vendor security assessments, and contractual compliance requirements for technology partners • Relevant certifications: CISA, CISSP, ISO 27001 Lead Auditor/Implementer, or AWS Security – Specialty — these are strongly preferred signals • Familiarity with SEBI or IRDAI tech regulations (useful if FamPay expands into investment or insurance products) • Prior work at an early-to-mid stage fintech where compliance infrastructure had to be built, not just inherited — people who've written the first policy doc from scratch tend to thrive here Why join us? • Work in a lean, high-ownership team where your work is visible and impactful • Take end-to-end ownership of compliance and infosec • Shape the trust, security & compliance function at one of India's most recognised fintech brands • Grow as a leader in tech & product compliance at the intersection of fintech, regulation, and product building   Perks That Go Beyond the Paycheck • Relocation assistance to make your move seamless. • Free office meals (lunch & dinner). • Generous leave policy, including birthday leave, period leave, paternity and maternity support, and more. • Salary advance and loan policies for any financial help. • Quarterly rewards and recognition programs, and a referral program with great incentives. • Access the latest gadgets and tools. • Comprehensive health insurance for you and your family, mental health support. • Tax benefits with options like food coupons, phone allowances, car/device leasing. • Retirement perks like PF contribution, leave encashment and gratuity.   Here’s all the tea on FamApp ☕️ FamApp focuses on financial inclusion of the next generation by providing UPI & card payments to everyone above 11 years old. Our flagship Spending Account, FamX, seamlessly integrates UPI and card payments, enabling users to manage, save, and learn about their finances effortlessly.   Revolutionizing Payments and FinTech FamApp has enabled 10 million+ users to make UPI and card payments across India, removing the inconvenience of carrying cash everywhere. Users get to customise their FamX card with doodles, which lets them add a personal touch to their payments.   Trusted by leading investors We’re proud to be supported by renowned investors like Elevation Capital, Y-Combinator, Peak XV (formerly Sequoia Capital India), Venture Highway, Global Founder’s Capital, and esteemed angels Kunal Shah and Amrish Rao.   Join Our Dynamic Team At Fam, our people-first approach is reflected in our generous leave policies, flexible work schedules, comprehensive health benefits, and free mental health sessions. We don’t mean to brag, but we promise you’ll be surrounded by some of the most fun, talented and passionate people in the startup space.   Want to see what makes life at Fam so awesome? Check out our shenanigans at @lifeatfam 😛 PS - We’re looking for someone with an AI-native mindset, who actively leverages AI in their day-to-day work, as we encourage and embed it across every level at Fam.