PRIVACY & SECURITY LEAD

Team: Engineering
Job Type: Full-Time
Job Location: Mumbai

WHAT IS EDENRED?

Edenred is a leading digital platform for services and payments and the everyday companion for people at work, connecting more than 60 million users and more than 2 million partner merchants in 45 countries via 1 million corporate clients. Edenred offers specific-purpose payment solutions for food (such as meal benefits), engagement (such as gift cards and engagement platforms), mobility (such as multi-energy solutions, including EV charging, maintenance, toll and parking) and corporate payments (such as virtual cards). 

True to the Group's purpose, "Enrich connections. For good.", these solutions enhance users’ well-being and purchasing power. They improve companies’ attractiveness and efficiency, and vitalize the employment market and the local economy. They also foster access to healthier food, more environmentally friendly products and sustainable mobility.

Edenred’s 12,000 employees are committed to making the world of work a connected ecosystem that is safer, more efficient and more responsible every day. In 2024, thanks to its global technology assets, the Group managed close to €45 billion in business volume, primarily carried out via mobile applications, online platforms and cards.

Edenred is listed on the Euronext Paris stock exchange and included in the following indices: CAC 40, CAC 40 ESG, CAC Large 60, Euronext 100, Euronext Tech Leaders, FTSE4Good, DJSI Europe Index, DJSI World Index, and MSCI Europe.

YOUR ROLE

Own the governance, risk, and compliance (GRC) program for Edenred India BU and strengthen our security posture in alignment with global standards. You will define policies and controls, drive audits and remediation, oversee data protection (DPDP), and coordinate security operations (with global SOC/SIEM) to ensure secure-by-design delivery across products, cloud, and enterprise systems.

Key Responsibilities

Governance and policies

 • Develop, maintain, and socialize security and compliance policies, standards, and SOPs aligned to ISO 27001, NIST/CIS, GDPR, and India DPDP Act.

 • Establish control frameworks and evidence requirements; manage RACI and sign‑off gates across Product, Tech, Ops, and Finance.

Risk management and audit

 • Own the risk register (identify, assess, treat, track) and drive closure of audit findings (A1/A2); prepare for and coordinate internal/external audits.

 • Lead compliance assessments for new initiatives (ERP, integrations, data platforms) and provide clear guidance and remediation plans.

Data protection and privacy

 • Implement DPDP controls: data classification, consent, retention, data subject rights, breach response; ensure lawful processing and cross‑border transfer controls with Legal.

Security operations coordination

 • Partner with global SOC to operationalize SIEM, alert triage, incident response, and post‑mortems; maintain playbooks and escalation paths.

 • Oversee vulnerability management (VAPT), patching SLAs, and secure configuration baselines across endpoints, servers, cloud, and applications.

Identity, access, and SoD

 • Define and enforce IAM/RBAC, privileged access (PIM), and Segregation of Duties for ERP and critical systems; run periodic access reviews.

Secure SDLC and third‑party risk

 • Embed security in development: code reviews, OWASP Top 10, SAST/DAST, dependency checks (e.g., SonarQube), and release gates in CI/CD.

 • Run vendor/security due diligence (contracts, DPA, NDA, security questionnaires), and monitor third‑party risks.

Business continuity and resilience

 • Coordinate BCP/DR design and tests with IT Resilience; validate RPO/RTO and ensure recovery runbooks are current.

Training and awareness

 • Plan and deliver mandatory security and compliance trainings; track completion and effectiveness.

QUALIFICATIONS

• 6–10 years in information security/compliance roles within enterprise or SaaS environments, including hands‑on GRC ownership.

• Strong knowledge of ISO 27001/27002, NIST/CIS controls, OWASP Top 10, and India DPDP Act; familiarity with GDPR principles.

• Proven experience leading audits, managing risk registers, and closing findings with measurable outcomes.

• Experience coordinating SIEM operations (Splunk or equivalent), incident management, and vulnerability management/VAPT.

• Strong documentation and communication skills; able to translate controls into clear, actionable requirements for cross‑functional teams.

• Stakeholder management with global security/compliance teams and local business leaders; comfortable influencing without formal authority.

PREFERRED SKILLS

• ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or equivalent certifications.

• Experience with ERP security and SoD (e.g., NetSuite/Oracle), and compliance in regulated environments (financial/benefits).

• Hands‑on with GRC tooling, DLP, EDR/XDR, and ticketing/workflow (Jira/ServiceNow).

• Knowledge of CERT‑In guidelines and incident reporting requirements.

FIRST 6 MONTHS CHALLENGES

• Publish India BU security and compliance charter, policy set, and control matrix aligned with global standards.

• Establish risk register and audit remediation plan; close or re-baseline top A1/A2 actions with clear owners and dates.

• Define ERP/critical systems SoD and access review cadence; implement an incident response playbook with global SOC.

• Launch mandatory training cycle and achieve ≥95% completion; set monthly reporting for KPIs (incidents, findings, training, access reviews).

• Zero critical audit findings; closure of high severity actions within agreed SLAs.

• Incident MTTR targets met; vulnerability remediation within policy timelines.

• Compliance coverage: access reviews on schedule; training completion ≥95%.

• Documented and tested BCP/DR for critical systems.

OTHER DETAILS

Location: Thane, Mumbai. We follow a hybrid schedule, where employees are expected to be in the office three days a week.

Start Date: March 2026

Position: On Roll

OUR COMMITMENT

Edenred is all about meritocracy. You come as you are, and you contribute. Indeed, the Edenred Group recognizes, recruits and develops all talents and singularities. We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression, disability, origin, religious belief and sexual orientation or any other criteria.

Apply for this role:

Ashutosh.SAXENA@edenred.com
