P5 Senior Lead - Legal

About the Team:

Join PayU's Legal and privacy team and work in a dynamic intersection of privacy and fintech laws. The Legal and Compliance team at PayU plays a strategic role in enabling business growth while ensuring adherence to regulatory and legal frameworks.

About the Role:

PayU is a leading fintech company and one of the largest payment service providers globally. We enable merchants and consumers to transact seamlessly through our comprehensive suite of financial services and payment solutions. Our mission is to build a world where everybody can access financial services, and we're committed to delivering exceptional customer experiences at every touchpoint. We are seeking a dynamic Senior Manager - Privacy to lead Digital Personal Data Protection Act, 2023 (“DPDP Act”) implementation across PayU group of companies. The role will be to assist in implementation of the privacy program for PayU group of companies, embed privacy by design across products, platforms and go-to-market initiatives. Ensure compliance with Indian laws (DPDP Act, IT Act), sectoral requirements (RBI/NPCI/PCI DSS), and applicable global standards (e.g., GDPR).

Responsibilities:

• Implement and maintain privacy governance (policies, SOPs, playbooks) and drive adoption with product, engineering, tech and other relevant teams.
• Review new products from a privacy perspective;
• Frontend, negotiate and close privacy related clauses and contracts including Data Processing Agreements.
• Advise on privacy aspects of new product/features, run DPIAs/PIAs, recommend mitigations, and track closure.
• Maintain and operationalize data inventories/maps and Records of Processing (RoPA) with all departments.
• Draft/review privacy notices, consent language and marketing/privacy communications.
• Negotiate and maintain privacy terms in contracts and DPAs, including cross-border transfer mechanisms and vendor risk controls.
• Advise on Data Principal/ DSAR processes (access, correction, portability, deletion) wherever necessary.
• Oversee third‑party and processor assessments from a privacy perspective.
• Deliver privacy training/awareness and report program metrics/ KPIs.
• Track regulatory changes (DPDP rules, RBI/NPCI/MeitY guidance) and translate into action items.
• Partner with InfoSec on technical controls (encryption, tokenization, retention/deletion, and DLP aligned to PCI DSS/NPCI requirements).

Requirements:

Essential Qualifications:

• 5-9 years in privacy/technology law or in-house legal focusing on data protection (preferably in payments/fintech or technology sector).
• Bachelor's degree in law
• Excellent verbal and written communication skills in English and Hindi with professional demeanor

Preferred Qualifications:

• LLB/LLM
• IAPP certifications (CIPP/A or CIPP/E, CIPM), ISO 27001 LA/LI (desired, but not mandatory)
• PCI DSS exposure preferred

Key Competencies:

• The ideal candidate will be an independent, result oriented, self-motivated individual who enjoys working in a fast paced, international, dynamic, and diverse environment.
• Ability to work in a highly dynamic environment and collaborate with various internal and external stakeholders.
• Drafting and reviewing data processing agreements, updating policies and processes, and assisting in overall implementation of the organizations data privacy framework.
• Work independently and liaise with business stakeholders and clients to understand and evaluate their respective data privacy & security requirements.
• Provide legal and regulatory advice relating to data privacy in order to minimise financial, legal and reputational risks. This will include advise on potential products / services proposed to be launched, potential business arrangements with partners / merchants and negotiating contracts with counterparties.
• Handle queries and issues relating to data privacy laws / regulations.
• Establish template standard documents for frequently used documentation.
• Liaising with international consultants / advisors to advise the organization on global data protection laws and its requirements,
• Assist the organization by keeping abreast of new legislation and regulatory developments that may impact the business of the organization
• Strong drafting and communication (both written and oral) skills in English.
• Efficient, punctual, responsible, transparent, reliable and accountable.

What we offer?

• A positive, get-things-done workplace
• A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this)
• An inclusive environment that ensures we listen to a diverse range of voices when making decisions.
• Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale

About us:

PayU, India's leading diversified fintech platform with Prosus as an investor, operates businesses that are regulated by the Reserve Bank of India and offers advanced solutions to meet the digital financial services needs of customers (merchants, banks, and consumers).

PayU provides payment gateway solutions to online businesses through its cutting-edge and award-winning technology and has empowered 4.5 lakhs+ businesses, including India’s leading enterprises, e-commerce giants and SMBs. It enables businesses to collect digital payments across 100+ online payment methods such as Credit Cards, Debit Cards, Net Banking, EMIs, pay-later, QR, UPI, Wallets, and more. It’s a preferred partner in the affordability ecosystem, offering the maximum coverage of issuers and easy-to-implement integrations across card-based EMIs, pay-later options and new-age cardless EMIs. PayU offers e-commerce brands best-in-industry success rates while ensuring a seamless checkout experience. PayU’s through its PayTech division, Wibmo provides market leading authentication and risk TSP services to leading banks in India and 30+ countries and through its NBFC, PayU Finance, it empowers 3.5 lakh+ merchants and 6 million consumers offering innovative and flexible credit solutions. Please visit: www.payu.in for more information.

Our Commitment to Building A Diverse and Inclusive Workforce

As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive, and safe environment, for all our people, communities, and customers. Our leaders are committed to create an inclusive work culture which enables transparency, flexibility, and unbiased attention to every PayUneer so they can succeed, irrespective of gender, color, or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice whether a specific race, ethnicity, or of persons with disabilities, or the LGBTQ communities.