About The Team
The Compliance team at Meesho is like the Avengers safeguarding Meesho's S.H.I.E.L.D. As an Associate Compliance Manager, you’ll take the lead in fortifying our systems and ensuring they remain secure and compliant.After all, when 5% of Indian households shop with us, it’s important to build resilient systems to manage millions of orders every day. We’ve done this – with zero downtime! 😎Sounds impossible? Well, that’s the kind of Engineering muscle that has helped Meesho become the e-commerce giant that it is today. We value speed over perfection, and see failures as opportunities to become better. We’ve taken steps to inculcate a strong ‘Founder’s Mindset’ across our engineering teams, making us grow and move fast.We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As an AssociateCompliance Manager, you will be part of self-starters who thrive on teamwork and constructive feedback.We know how to party as hard as we work! If we aren’t building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games – or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join us.
About The Role
As an
Associate Manager
, you’ll play a key individual contributor role in driving security policies, ensuring adherence to compliance frameworks, and mitigating risks within Meesho’s internal and external environments. You’ll manage end-to-end compliance activities, oversee audits, and contribute to building a secure and compliant ecosystem.As part of the Security Compliance team, you’ll own and be accountable for the overall Information Security framework and program, helping to uphold the highest standards of security and privacy.
What You Will Do
- Lead and own the end-to-end security compliance and certification charter.
- Define, roll out, and enforce Information Security policies and procedures.
- Define and ensure adherence to data privacy and data protection laws (e.g., DPDP).
- Collaborate with third-party vendors to maintain robust third-party security practices.
- Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy.
- Conduct periodic information security awareness training programs for employees.
- Oversee information security risk management and privacy impact assessments.
- Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience
- Draft and enforce Data Protection Agreements and Information Security Agreements.
- Manage and coordinate internal and external audit-related activities.
- Collect and present audit evidence to ensure successful compliance assessments.
- Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks.
- Audit data, systems, and processes for policy and regulatory compliance.
- Provide actionable insights and reporting on the effectiveness of compliance programs.
- Conduct vendor audits and produce comprehensive reports.
- Plan and execute ad-hoc audits as necessary.
What You Will Need
- Educational Qualification: Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field.
- Experience: 4–7 years in information security, compliance, or audit roles.
- Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001).
- Strong problem-solving skills and hands-on experience implementing compliance standards.
- Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK.
- Working knowledge of cloud platforms (AWS, GCP) is highly advantageous.
- Excellent project planning, stakeholder management, and communication skills.
- Ability to adapt to evolving regulatory landscapes and implement best practices.
- Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus.
