About the Team

Join PayU's Legal and privacy team and work in a dynamic intersection of privacy and fintech laws. The Legal and Compliance team at PayU plays a strategic role in enabling business growth while ensuring adherence to regulatory and legal frameworks.

About the Role

To support PayU’s growth plans in India for credit, payments and fintech opportunities, PayU is looking for a privacy legal counsel with strong background in privacy with exposure to banking, finance, technology and general corporate (and vendor contracts) related legal work together with a possible background in payments, credit and/or other financial services.

We are seeking a dynamic Manager - Privacy to lead Digital Personal Data Protection Act, 2023 (“DPDP Act”) implementation across PayU group of companies. The role will be to assist in implementation of the privacy program for PayU group of companies, embed privacy by design across products, platforms and go-to-market initiatives. Ensure compliance with Indian laws (DPDP Act, IT Act), sectoral requirements (RBI/NPCI/PCI DSS), and applicable global standards (e.g., GDPR).

Responsibilities:

• Operationalize privacy controls across credit journeys: consent capture, purpose limitation, data minimization, retention/deletion, and grievance redressal.
• Conduct DPIAs/PIAs for lending use cases (modeling, profiling, alternative data, bureau/KYC data), and document risk treatments.
• Maintain end‑to‑end data flow diagrams/inventories/RoPA across systems, APIs, data lakes, and vendors.
• Assist in Data Principal requests/DSARs wherever necessary; implement ticketing/automation and quality checks.
• Lead vendor privacy due diligence, DPAs, ongoing monitoring.
• Coordinate with InfoSec (where necessary) on incident/breach management and table‑top exercises; support regulatory engagement and audits.
• Align privacy practices with RBI digital lending guidelines, outsourcing, KYC/Aadhaar/UIDAI obligations, and credit bureau codes.
• Partner with Data/Engineering on anonymization/pseudonymization, PETs, lineage, and role-based access.
• Deliver periodic training to business, collections, and operations; publish dashboards and risk metrics.
• Technical fluency with data architectures, APIs, logs, and data lifecycle; ability to read data flow diagrams and collaborate with engineering.
• Working knowledge of DPDP Act, RBI/MeitY guidance, UIDAI/Aadhaar norms, GDPR fundamentals.
• Hands‑on with DPIA/PIA, DSAR, vendor risk, incident response; experience with privacy tools (OneTrust/TrustArc/BigID) a plus.
• Strong stakeholder management across product, risk, data science, operations, and legal.

Requirements:

Essential Qualifications:

• 4–6 years in privacy, security, or risk within fintech/NBFC, with demonstrable exposure to digital lending/credit data.

• Bachelor's degree in law
• Excellent verbal and written communication skills in English and Hindi with professional demeanour.

Preferred Qualifications

• LLB/LLM
• IAPP certifications (CIPP/A or CIPP/E, CIPM), ISO 27001 LA/LI (desired, but not mandatory)
• PCI DSS exposure preferred

Key Competencies:

• The ideal candidate will be an independent, result oriented, self-motivated individual who enjoys working in a fast paced, international, dynamic, and diverse environment.
• Ability to work in a highly dynamic environment and collaborate with various internal and external stakeholders.
• Drafting and reviewing data processing agreements, updating policies and processes, and assisting in overall implementation of the organizations data privacy framework.
• Work independently and liaise with business stakeholders and clients to understand and evaluate their respective data privacy & security requirements.
• Provide legal and regulatory advice relating to data privacy in order to minimize financial, legal and reputational risks. This will include advise on potential products / services proposed to be launched, potential business arrangements with partners / merchants and negotiating contracts with counterparties.
• Handle queries and issues relating to data privacy laws / regulations.
• Establish template standard documents for frequently used documentation.
• Liaising with international consultants / advisors to advise the organization on global data protection laws and its requirements,
• Assist the organization by keeping abreast of new legislation and regulatory developments that may impact the business of the organization
• Strong drafting and communication (both written and oral) skills in English.
• Efficient, punctual, responsible, transparent, reliable and accountable.

What we offer?

• A positive, get-things-done workplace.
• A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this).
• An inclusive environment that ensures we listen to a diverse range of voices when making decisions.
• Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale.

About us:

PayU, one of India's leading digital financial services providers with Prosus as an investor, operates businesses that are regulated by the Reserve Bank of India and offers advanced solutions to meet the digital payment and digital lending requirements of the Indian market. PayU India companies aim to create a full-stack digital financial services platform to serve all (tapped and untapped) financial needs of customers through technology solutions.

PayU Finance India Private Limited, is a non-deposit taking systemically important non-banking financial company registered with the Reserve Bank of India(“RBI”) vide certificate of registration (CoR) number 13.00127 dated 21 February 2019.

PayU Finance is engaged inter alia in the business of providing products, enterprise lending and specific lending, apart from providing certain technology related services, financial services, or a combination of both.

Our Commitment to Building a Diverse and Inclusive Workforce

As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive, and safe environment, for all our people, communities, and customers. Our leaders are committed to create an inclusive work culture which enables transparency, flexibility, and unbiased attention to every PayUneer so they can succeed, irrespective of gender, color, or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice whether a specific race, ethnicity, or of persons with disabilities, or the LGBTQ communities.